50db64d50bbf103e0a8ca64b7797e5c10f2ef3c578e69ee7ee2220f96cd7d99f

General

Target

13.6.0.139-TFXD.rar
Size

214.5MB
Sample

240328-yn5v4sfg98
MD5

75b02b40d852cebc108f4381a5915cd1
SHA1

e5dd07a9e5cb5c93c0797289d59b282ba12aaccf
SHA256

50db64d50bbf103e0a8ca64b7797e5c10f2ef3c578e69ee7ee2220f96cd7d99f
SHA512

c858f8f81315d4c983f71e581194b162c1e22e5650694aa4de8110b18f00bd9ca887a51542e147b0c123328702af43c26d368d7a33875a983ccb9a8a9be853c3
SSDEEP

6291456:cpEB0IHmZxxG1DLqm+adL5kGzOKLffLtStO88b7ii:EEBRH86DLqmF57MWbei

Score

8^/10

discovery exploit

Malware Config

Targets

- Target
  
  13.6.0.139-TFXD.rar
- Size
  
  214.5MB
- MD5
  
  75b02b40d852cebc108f4381a5915cd1
- SHA1
  
  e5dd07a9e5cb5c93c0797289d59b282ba12aaccf
- SHA256
  
  50db64d50bbf103e0a8ca64b7797e5c10f2ef3c578e69ee7ee2220f96cd7d99f
- SHA512
  
  c858f8f81315d4c983f71e581194b162c1e22e5650694aa4de8110b18f00bd9ca887a51542e147b0c123328702af43c26d368d7a33875a983ccb9a8a9be853c3
- SSDEEP
  
  6291456:cpEB0IHmZxxG1DLqm+adL5kGzOKLffLtStO88b7ii:EEBRH86DLqmF57MWbei
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  13.6.0.139-TFXD/WUC v13.x Patcher v1.0.zip
- Size
  
  803KB
- MD5
  
  832d46bca30ff3df63a773079c736c6e
- SHA1
  
  694543c58664c57325632ff529be9155c3faeac9
- SHA256
  
  c6446259f5814dfd65ce2e5d7ebfdede7f2737f0c46b894763a36f303face157
- SHA512
  
  d4e568e73a9fb28c0346dde7a8b070883c366b913b8a999b85378c6a2d08ab03fab9c370f5d8ad6a08b857edca20fc860f75b8dd129958b0960d5c1135490a4f
- SSDEEP
  
  24576:2+deUq/pY+8qPL0nmrocbYoZL+MlWiSDijV:XG/pR8UL0woPEJWhDix
Score

1^/10
behavioral2
- Target
  
  ReadMe.txt
- Size
  
  190B
- MD5
  
  0a11a3bb52bc28e882598db55a9b61d5
- SHA1
  
  8d782b56d1ee9dd00c36f3dcbf5d74aa5ea705d8
- SHA256
  
  d3ff8e5e786bc498996f1fba6679a35b7d38c2948c1b422817fd8562a4941c0d
- SHA512
  
  f792f179c1a7405160bebffa0620c3527050e5bac5b0cb637a7ae959279a32cc00f622a53a5685e8273635aad76c765833a4422db6e8cbb5682efaf66ab304b8
Score

1^/10
behavioral3
- Target
  
  WUC v13.x Patcher v1.0.exe
- Size
  
  842KB
- MD5
  
  49dee71bf2cb4e1d7b6733384aba5832
- SHA1
  
  5500270839ac3073e2379fbe1601f40d5a8eeab2
- SHA256
  
  844ba3d0984661ba86e32b157e140b5432327872aedffbb06cb2c7d216727ca0
- SHA512
  
  ce01b013f4f72cd08d55679b457a0e3b4a1bdb62b71da71562ff28d15d00fd0eb883c4e64bc02eb48f9a53483ed2004496cef24b3d5dcd07f492c5b181d14b24
- SSDEEP
  
  24576:WjUSo9VvR8JQD54B9CnEr2cbw2anSXz9x:WjUSkuQ129C62rlngx
Score

7^/10
- Loads dropped DLL
behavioral4
- Target
  
  13.6.0.139-TFXD/Wondershare hosts blocker.bat
- Size
  
  5KB
- MD5
  
  1badb991805bba70d8cf2961df21a758
- SHA1
  
  ec15fdc9b882ab0c10e6084d41eb33c031479281
- SHA256
  
  e7abe9cba625863dc43d9aa7c12f4a422d59bdb60cee67904d54b122365af89d
- SHA512
  
  6caaca7aa7ef76b6128424fa3a9bda97b57fbcc79d5fcbeba6819e81608a91653b831d12d62fc3492fb8306abcc07fe9f9fc37dd9e92b6187a73f50796a0dc29
- SSDEEP
  
  96:iGXNE4YsQvMyHMIoMrmKYg8Kx84Lm6E47bBZUImpog8iyK03AYt0sOeg0KGa25vJ:ip4YsQv9HvoQmKYg8Kx84Lm6E4frUIsk
Score

8^/10

discovery exploit
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
behavioral5
- Target
  
  13.6.0.139-TFXD/uniconverter13_full9629.exe
- Size
  
  213.7MB
- MD5
  
  ca730f6fa7b9eca4711dd4811165df5e
- SHA1
  
  f9e42c085f77a76dbcc40ae0ca6d8d72c7aa6c9a
- SHA256
  
  6d12ccb619dbdf58848bf80aa0b13410cd89a76ef3bad3706685a308e47077bc
- SHA512
  
  3775d2f6c7e77576ddd2575e48bd3b2bae964664b57efc123b579aeae925e7073ac7751e1a5e25a6e15751a5e5d777ca6f3cd8f30cc47a84f1046b717998c5ea
- SSDEEP
  
  6291456:ppEB0IHmZxxG1DLqm+adL5kGzOKLffLtStO88b7u:DEBRH86DLqmF57MWbC
Score

4^/10
behavioral6