Resubmissions

01/07/2024, 06:45

240701-hh6bpa1hpn 10

01/07/2024, 06:18

240701-g2q6fa1fkm 10

01/07/2024, 06:17

240701-g2dv4s1fjr 10

01/07/2024, 06:12

240701-gyhpws1epn 10

General

  • Target

    PermWooferFree.exe

  • Size

    6.3MB

  • Sample

    240701-g2dv4s1fjr

  • MD5

    833e1628d78267488388297a80d19f5a

  • SHA1

    b8ca9f9bcfef3714ccb7fc47e9970df8ee89e7b6

  • SHA256

    8f36a22735838340a5b9fde61cb382c94c4005e7253a648fe17e8c33e888bb41

  • SHA512

    8d2791d852d9b1abac590406285d47af36c82111bd0de03aced6055bb7d6abc1c07cf9d3f77a73744512eea1741cfce04465dcc7604bad5b0b976fa87306f359

  • SSDEEP

    98304:dgXd0q75YthUnpYccRacg/BGfO1q4HNK0zbup/xzcq8zAFPmv9JT1sOBN3o1pq:a5e6n2raRRnz+R8zmPm1D7P

Malware Config

Targets

    • Target

      PermWooferFree.exe

    • Size

      6.3MB

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

    • Target

      �F>�Vn�.pyc

    • Size

      1KB

    • MD5

      78f7c3746630b8ce881b0301552da3f1

    • SHA1

      03489b0f17a979d56cfce85b2c2bcbff7ff36037

    • SHA256

      cad2fa62fd79553aab506b2fa734174a936dae60580c76ef8bc83e8a8d0d821d

    • SHA512

      b29b428f5d8d6b844d8cfb53db8d2d397b63473f7444da1bbfc5050408ff81efae76915d25ff97f144bdfb59bf26a63846d28ab68fc7924003454813baaeab49

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks