General
-
Target
Download_Ready-66238.zip
-
Size
43.7MB
-
Sample
240701-wrmslawank
-
MD5
93045aac14e39d730d5714aa45688ea0
-
SHA1
6d318bfe8276c77c3554ee8b8bfb7c86d69701c9
-
SHA256
38c0f723ada4fb0e78b153e8d8ac1ffc6d602b92c1f02dfbf310ff75ee2dc138
-
SHA512
a329f8e5611d17fb0f2fccb41c26697344bcefc369c6fd2e2a301dd7a2d3fd80371235e6881eb81b4d086a28661f1ce1a5950713535ce12617a9e62b782878bb
-
SSDEEP
786432:aYtMDfNyg/07BDaZ1Y9t1I5HU/JPJm2k76K2K6cMKR0VeBKk+is:tc907Ym14HEJPo2pTARhEis
Malware Config
Targets
-
-
Target
Installation_2025.exe
-
Size
66.3MB
-
MD5
80a8abe66bbedb96f87f976040deedba
-
SHA1
37f74bae981e5c65e3c83101d10a4782c3f1baff
-
SHA256
e8cc1d2f2267e27a588654f7547a319eba8e65e50ec93de5ee293fcf773e6ec8
-
SHA512
09b317c141f59073fededc4ff2f24bbd919d5c5b630930960da057a62303a9fa81218d6787649d3b243f73ca6d5a7240d2c7bc26ca582355eaf1659db8ed1e55
-
SSDEEP
1572864:lsYtIxGISmn1vpUBZZzrAYjxGOmWMCHWVtGNIxV:2YtI7/5uBZ93VeDWwtGCxV
Score8/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1