General

  • Target

    WebframeworkTools_V5.3_enhance_beta.zip

  • Size

    30.1MB

  • Sample

    240610-dfwl9abg66

  • MD5

    a989d8efaee845b149f12a7a62c64363

  • SHA1

    48d68aac33f1caf83c17227acb825a67f6eb8961

  • SHA256

    6731e52ad3af0f4796f6b7d3c95f8182dc3d00c8c602e4787f0cb022838edca6

  • SHA512

    97e8533b404531c4943b22b63de8bc4c9d966f23e88a0e39ac9a1c80e08c110b9994990c6ff7e31f43a059e3f0a0a4a98b837ee3974609a0ee8e736c5db2c9f6

  • SSDEEP

    786432:2XSgtHz7WKsf1iDvvPqidiSADbC0qTLxDI:2XP9z7lsf2vvPqXq9I

Malware Config

Targets

    • Target

      WebFrameworkTools.exe

    • Size

      18.7MB

    • MD5

      c7a98b519b6b7985a9793a94601557b4

    • SHA1

      5cdf4fc4a5fab8e30b947c827a23aef1b13df4d0

    • SHA256

      32c488b7a9e15597a024201c7e55396ee25401a4ba1ab95cd73be1c2434f0ff9

    • SHA512

      8445b93a6648ec60b135ec565af1c2617d6e7e5016a1d5ac79c785feac893ef31d7df72acc24e521c6d446688649e59628c2ac4c2070bcf803856a532fab324d

    • SSDEEP

      393216:VwS6pO9ks2OFmb4akektTcBKNChnRld7lnlRRo9DuUB/F:K5s2wmXGcQNEnbnHROB/F

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      cmd.bat

    • Size

      5B

    • MD5

      ea2b2676c28c0db26d39331a336c6b92

    • SHA1

      2b020927d3c6eb407223a1baa3d6ce3597a3f88d

    • SHA256

      cced28c6dc3f99c2396a5eaad732bf6b28142335892b1cd0e6af6cdb53f5ccfa

    • SHA512

      cd3ca530caee1aabac0ebbd2ea45c568bdd1442da5724d22ad5c51461fccb3f304806658486c0790053683cf875a5ebb62514404008aeccce9bcc3f7bf5adee8

    • Score

      1/10

    • Target

      dllpluginExpGenerateok/UserDllpluginExpGenerate.exe

    • Size

      10.5MB

    • MD5

      afee1f157679a75fe04557add6d15240

    • SHA1

      8d45732ded5ad606bc4d9b2666367fa1bce6500e

    • SHA256

      379bfc92c0e21f386c605905b1b5ac0f147b4d4e3a1b4c97ddab9fb5601981ce

    • SHA512

      f133dee62a8e89d3989f67281bd5cb2dfe724c038dfc453c1b2c292137af7554de4c1b7ddbfe7763f60713ab1c259047e87edd07ab8adf8d4ca4f16e346a0266

    • SSDEEP

      196608:Y39iTu3MHnkk1uuQ8q+r8wpXdST3ucAcMhREvMMKkt3pcsMe:6sr/cuQ8qw8mXd83M5huMMpt3Ue

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks