37b3035464123d188316fc8e7574f2e31768df08aca8e9dc2adceb41d34f2428 | Triage

Sharing

General

Target

winzip28-downwz.exe
Size

2.8MB
Sample

240615-l18fjszekm
MD5

17687f01ca5191c5e9dd733b30248ea2
SHA1

9b63db46a9d58b945dd9b850236ed8d4d7d3567a
SHA256

37b3035464123d188316fc8e7574f2e31768df08aca8e9dc2adceb41d34f2428
SHA512

d366482d520fb250de54441daa9744129e692c24faeec2e7dce071370cfeeb00b50ef10fe47a3d788d3c4a17719d6133420ab99c6384798ea2017dca6260eb3c
SSDEEP

49152:W9vgPi4Lp+1+zV9c9S7J5/iR7B/3blLYSNVMaxY3Y9fkHu+bHqjD:IbCpEYV9uSF5/mt/Ll5xY3gkHu+bHaD

Score

7^/10

macos

Malware Config

Targets

- Target
  
  winzip28-downwz.exe
- Size
  
  2.8MB
- MD5
  
  17687f01ca5191c5e9dd733b30248ea2
- SHA1
  
  9b63db46a9d58b945dd9b850236ed8d4d7d3567a
- SHA256
  
  37b3035464123d188316fc8e7574f2e31768df08aca8e9dc2adceb41d34f2428
- SHA512
  
  d366482d520fb250de54441daa9744129e692c24faeec2e7dce071370cfeeb00b50ef10fe47a3d788d3c4a17719d6133420ab99c6384798ea2017dca6260eb3c
- SSDEEP
  
  49152:W9vgPi4Lp+1+zV9c9S7J5/iR7B/3blLYSNVMaxY3Y9fkHu+bHqjD:IbCpEYV9uSF5/mt/Ll5xY3gkHu+bHaD
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6