General
-
Target
librewolf-123.0-1-windows-x86_64-setup.exe
-
Size
130.2MB
-
Sample
240302-3k8j2sah32
-
MD5
d0c066a8e785ee2a6f469e1e802ffd1b
-
SHA1
a629bc0407676a057aa2fce33cb87503f37debfb
-
SHA256
e1db00d0253f655071b0908a246cad6931e189a1fe174f090cfe6643ea2d7845
-
SHA512
a4a936ec9c4cc218cc16b3402a87a91aba23f942f2e70cbdf4c1014b623202881318647dc2000643068379548f4d120a82bd4c2472ae19d2e8a03c581551402f
-
SSDEEP
3145728:IOouU1zGD7SxujSf4FlgNATcv1uTZ4IPYhsuexP2H80Q8/:UuU1c7SMwScvQTZSh7I2Hd
Static task
static1
Behavioral task
behavioral1
Sample
librewolf-123.0-1-windows-x86_64-setup.exe
Resource
win10v2004-20240226-es
Malware Config
Targets
-
-
Target
librewolf-123.0-1-windows-x86_64-setup.exe
-
Size
130.2MB
-
MD5
d0c066a8e785ee2a6f469e1e802ffd1b
-
SHA1
a629bc0407676a057aa2fce33cb87503f37debfb
-
SHA256
e1db00d0253f655071b0908a246cad6931e189a1fe174f090cfe6643ea2d7845
-
SHA512
a4a936ec9c4cc218cc16b3402a87a91aba23f942f2e70cbdf4c1014b623202881318647dc2000643068379548f4d120a82bd4c2472ae19d2e8a03c581551402f
-
SSDEEP
3145728:IOouU1zGD7SxujSf4FlgNATcv1uTZ4IPYhsuexP2H80Q8/:UuU1c7SMwScvQTZSh7I2Hd
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1