General
Target: Wise Care 365 Pro 6.1.1.595.rar
Size: 14.9MB
Sample: 240225-sra71sfd6s
MD5: 34a2a950f472a08960c976d26b704783
SHA1: f5071f62bdb1a3eea56cd4c3a0e6504fc5cda71a
SHA256: 4b8a4d1c824d2f3e1538403b98a48081d86f125d1181cde50c445220e62dfdf6
SHA512: a60de2c7b9425fd803fec6f9bc682ec7c2998827c7b54a2dd55a51da2a7472d2d4818c25df6716d9f106d111d0c4e9a39725bc625201a6c5f6430be0f45c94eb
SSDEEP: 196608:4Y2UmiVVRLZv+Deq9SNCB6A0rml2Df2ywWi83/hyMWr3q4JPsS42PYjcay7urOtk:RxFVvDrEI2mhyMe3iSG0rBWW9nr2YtA9
Static task
static1
Malware Config
Targets
Target: Wise Care 365 Pro 6.1.1.595/Wise.Care.365.Pro-6.1.1.595.exe
Size: 15.0MB
MD5: 60c73be5e7d64a3e47fe5b1dcf176df5
SHA1: 52856a024ec8a204be76a2fa017518cd00c9cf28
SHA256: f0f5f27156a91529cbdf08d93be8b2d6a23ce6060963fbc4dade4857754a364d
SHA512: 0475aa1bcc58cc7cb5522e5f4cd93f24aabe47aff2492b10be603922df6fb25b9668c106b95fb4140f00a1ff91504775d1673f6851c8c7678f02f4222dbc21f4
SSDEEP: 393216:I//smnrkKvE/9+NcMcqo3a84r4UHA92+yKiSGfyhjLLs1ROL1:IfrU/9EcMZ8aCUHg1/iSiyhPg1E
Modifies firewall policy service
Possible privilege escalation attempt
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Checks for any installed AV software in registry
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Pre-OS Boot: 1
Bootkit: 1
Defense Evasion
File and Directory Permissions Modification: 1
Modify Registry: 2
Pre-OS Boot: 1
Bootkit: 1