General

  • Target: Wonde.rar
  • Size: 72.3MB
  • Sample: 240225-zghyfabg33
  • MD5: 332d8464cf7c2ecd41f95f3095f086f2
  • SHA1: 142e3a26789e95567539f679cb001365cfa6f36b
  • SHA256: 6c3a6e26b5b31f4bb81b7a2ab1aa289e8b0476d93ca3bca66bdbbaf283afdfe0
  • SHA512: fbaed453a32984ee85e2589de7cca6e67fb52bbd2bb7902a75a7bbefcf1fa9ec211b8fd8da5241bcb363066b088bf0ba4ca9588673acc6b23bab47e9f8a4815c
  • SSDEEP: 1572864:QOkJ/5lVSZrqaGWgt6guWX6RocO+P5PDeHStdn2SY:+hesJ67WXGXO+8Hwn2J

Malware Config

Targets

    • Target: Wonde.exe
    • Size: 72.2MB
    • MD5: 243c65c02a2e5b5b40c4671914fa47b9
    • SHA1: d5283dfa3355c189cd4808c68a7633359192efd6
    • SHA256: d4b6af15424e837556c8e344c3a9b7d5685fa551b2d32646143f62ecc04cf9af
    • SHA512: b082a229ce0b9fa91f3da93a2f8cd3e7ecdc3c499e7b74eb28474d9afe53bb02b29e0d1b0d24627a62e7e826553c27d9c75a21a1c85b756e004879b60771302f
    • SSDEEP: 1572864:cejOS3fLKMGwYjEUdLVRg9TYOfB8sAVwLvgUHkNQuiMgMIN:cK2PwWEYRe9Th8sAVCvl/uT7IN

    Score: 10/10
    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: Wonde.exe
    • Size: 168.6MB
    • MD5: 88c13ef6a2aa8b15ece09b4665d8ae2e
    • SHA1: 4434bdd7810b12eb0159cd69fba9d296c4b069b4
    • SHA256: 33094cd9d94d53d254ea05ee09ab5ba9406a7bd054524e47e9338355d38eaf9b
    • SHA512: 9b17a804138e3051dc2f4c728a4ee07f7b9f76cb48847aeb5cd4ba3dc1a9e642b627024c33d0b4fcced748e3c5d01533248026980243c1a030de2318863ef110
    • SSDEEP: 1572864:KXic4qb6IXgDaJfpEQHgelkLK4z34xGWw0TwW1T/qWhehZvmCtS3JPfyzG49FndX:UVKvWZ8tyx4u

    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks