Overview

Analysis tabs and scores (out of 10):
- Overview (overall): 10
- Static: 7
- WezoAutoUP.exe, windows7-x64: 7
- WezoAutoUP.exe, windows10-2004-x64: 7
- culclientUp.exe, windows7-x64: 7
- culclientUp.exe, windows10-2004-x64: 7
- software.exe, windows7-x64: 10
- software.exe, windows10-2004-x64: 10
- vncDbnt.exe, windows7-x64: 8
- vncDbnt.exe, windows10-2004-x64: 8
- wzoptup.exe, windows7-x64: 7
- wzoptup.exe, windows10-2004-x64: 7

General
- Target: f3544211710d293dfe623411feb7e121f5a8b2ea8b9e5e545d1f51b1aa9aabe3 (the submitted file; the five executables listed under Targets were extracted from it and run as separate behavioral tasks)
- Size: 4.2MB
- Sample: 240706-bajdma1bpm
- MD5: b9c98b028ee3a0ece95c0de562950397
- SHA1: b01ba75e6e1c3e4f4c9bf4d3df58b1a342448a6a
- SHA256: f3544211710d293dfe623411feb7e121f5a8b2ea8b9e5e545d1f51b1aa9aabe3
- SHA512: 08d1487cad27f64ec0829b3175a0c41f896ff8cfb331de3db671810c371309c05426ea8d3b892235dc1b8a6e82c95dfbed1c079cfe84e63a3a1a5992c10befb2
- SSDEEP: 98304:2xPJJVzsnf1ozRfFzsa5a7LhDfO7F9wf1/xP8OvO8LH+u:25anivs/LBO7EV5Hiu
Behavioral tasks
- behavioral1: WezoAutoUP.exe on win7-20240705-en
- behavioral2: WezoAutoUP.exe on win10v2004-20240704-en
- behavioral3: culclientUp.exe on win7-20240704-en
- behavioral4: culclientUp.exe on win10v2004-20240704-en
- behavioral5: software.exe on win7-20240705-en
- behavioral6: software.exe on win10v2004-20240704-en
- behavioral7: vncDbnt.exe on win7-20240508-en
- behavioral8: vncDbnt.exe on win10v2004-20240704-en
- behavioral9: wzoptup.exe on win7-20240705-en
- behavioral10: wzoptup.exe on win10v2004-20240704-en
Malware Config

Extracted: vidar
- C2 resolvers: https://t.me/bu77un, https://steamcommunity.com/profiles/76561199730044335
  Vidar does not embed its C2 host directly. At run time it fetches these public profile pages and reads the current C2 address out of the page text, so the Telegram channel and the Steam profile are dead-drop resolvers and the live C2 can be rotated without rebuilding the sample. Block the profile URLs, but expect the actual C2 host to differ from anything in this static extraction.
- user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1

Extracted: lumma
- C2: https://civilizzzationo.shop/api
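The Vidar entry lists two profile pages rather than a C2 host, which is the pattern where the real address is published in the page text of a Telegram channel or Steam profile. The script below is an added example of the analyst-side half of that lookup; it is not part of this report and not code from the Vidar sample. Page contents, the field the address sits in, the `|` terminator and the addresses themselves (TEST-NET ranges) are all constructed assumptions; the `NOISE_DOMAINS` filter and `_C2_RE` pattern are the editor's, so on real pages expect to tune both.

```python
"""Offline resolver for Vidar-style dead drops (editor's added example).

The stealer fetches a public profile page (Telegram channel, Steam profile)
and reads its current C2 address out of the page text.  This reproduces the
analyst side: feed it page HTML, get candidate C2 hosts back.  Page contents
below are constructed; the exact field the address is read from and the
terminator it is stripped of are assumptions, not taken from the sample.
"""
import re
from html.parser import HTMLParser

# Domains that belong to the resolver platforms themselves; links to them are
# page furniture, never the C2.
NOISE_DOMAINS = ("t.me", "telegram.org", "steamcommunity.com",
                 "steamstatic.com", "steampowered.com")

# A URL with a host, or a bare IPv4 with an optional port.  The path class
# stops at '|' because the constructed pages use it as a terminator.
_C2_RE = re.compile(
    r"https?://[A-Za-z0-9.\-]+(?::\d{1,5})?(?:/[^\s\"'<>|]*)?"
    r"|\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b")

# Constructed pages for the two resolvers in the config (TEST-NET addresses).
SAMPLE_PAGES = {
    "https://t.me/bu77un": (
        '<html><head><meta property="og:title" content="bu77un">'
        '<meta property="og:description" content="https://203.0.113.45:443|">'
        '</head><body><a href="https://t.me/bu77un">bu77un</a>'
        '<div class="tgme_page_description">https://203.0.113.45:443|</div>'
        '</body></html>'),
    "https://steamcommunity.com/profiles/76561199730044335": (
        '<html><head><title>Steam Community :: 198.51.100.7</title></head>'
        '<body><span class="actual_persona_name">198.51.100.7</span>'
        '<script>var g = "https://steamstatic.com/x.js";</script></body></html>'),
}


class _TextCollector(HTMLParser):
    """Collect visible text plus og:* meta content, skipping script/style."""

    def __init__(self):
        super().__init__()
        self.chunks = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "meta":
            a = dict(attrs)
            if (a.get("property") or "").startswith("og:") and a.get("content"):
                self.chunks.append(a["content"])

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.chunks.append(data.strip())


def _host_of(token):
    """Host part of a URL or host:port token."""
    return re.sub(r"^https?://", "", token).split("/")[0].split(":")[0]


def _plausible_host(host):
    """Valid IPv4, or a dotted name that is not one of the resolver platforms."""
    octets = host.split(".")
    if len(octets) == 4 and all(o.isdigit() for o in octets):
        return all(0 <= int(o) <= 255 for o in octets)
    return "." in host and not any(
        host == d or host.endswith("." + d) for d in NOISE_DOMAINS)


def extract_candidates(html):
    """Return de-duplicated C2 candidates found in the page text, in order."""
    p = _TextCollector()
    p.feed(html)
    p.close()
    seen, out = set(), []
    for chunk in p.chunks:
        for tok in _C2_RE.findall(chunk):
            if tok not in seen and _plausible_host(_host_of(tok)):
                seen.add(tok)
                out.append(tok)
    return out


def resolve_dead_drops(pages):
    """pages: {resolver_url: html}.  Returns {resolver_url: [candidates]}."""
    return {url: extract_candidates(html) for url, html in pages.items()}


if __name__ == "__main__":
    for url, c2s in resolve_dead_drops(SAMPLE_PAGES).items():
        print(f"{url} -> {c2s or 'no candidate found'}")
```

Only text nodes and `og:*` meta content are searched; `href` attributes are deliberately ignored because a profile page is full of legitimate platform links. When you run this against live pages, fetch them with the same `user_agent` string the config carries, since the resolver response is the only thing standing between you and the current C2 and some operators serve different content to obvious scrapers.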
Targets

Target: WezoAutoUP.exe
- Size: 332KB
- MD5: 46748aff6fcab034d0affddc99c6d876
- SHA1: b9374a9f4b85ebf36218860f3f80da69505194db
- SHA256: 82a9537d99a9ccc5c534dd87f642a7e77b594f7554c2ed7a32a1a9518634a42c
- SHA512: 8e91545dd88d436abf6afe3245c18254d38cbf994ef2226798544b48ed047e060b466d8ef06e7514cda50d367999a350b9695890510607d327c7bc9390ddf3d5
- SSDEEP: 6144:m68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1IH:WfnnK9zABs+TbFx9SXOPCf8DkqAR8zHB
- Score: 7/10
Signatures:
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.

Target: culclientUp.exe
- Size: 329KB
- MD5: 915b7366ba2e87a3f5a6810903cbc38a
- SHA1: 0d8fe32290ad5294cc6770daf316114e8cbcc60f
- SHA256: f6c833657a31e9f8fc136f74aa251d428a6d2ee7bcc6fb74c00ba4f44e902edd
- SHA512: a6981d6a94ada77245eaeefdb577055e36f1465d400bbcbae064723dd3a3e7f37495926d45a4227e31631b87b513446901e7e48fa75a97823ff1eef681b7ce08
- SSDEEP: 6144:u68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1IBG:OfnnK9zABs+TbFx9SXOPCf8DkqAR8zHu
- Score: 7/10
Signatures:
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable: AutoIT scripts compiled to PE executables.

Target: software.exe
- Size: 5.5MB
- MD5: 1ed6f9d578e14edad0bf47edf1f6269f
- SHA1: 0e6546d7a7f237a4c094e24810fd4ab29ab6a970
- SHA256: 83b2f6c63dc3ec6cea64755ce2042ff747d52571daaef8a47934e00378f0afd3
- SHA512: 7481e391bc9fd0b0a30ca7464847e6ab0bbaa4febb8bfb33407742fd2e90f7fb0d88fd2ab0dc49fa499864e16a234d6f910926944c2a3ce337d614351dccfd60
- SSDEEP: 98304:zeL9fRCBL/JS6w1PMcf5blPwJp003KOIupEAjlgJHc6:zeL9ROL/Eh/PQbaObEACl
Signatures:
- Detect Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext

Target: vncDbnt.exe
- Size: 329KB
- MD5: 3597cd93701c4505d035a34271e0b931
- SHA1: 63b311fd5f0d98166273e22ca8fb16c219d3ba07
- SHA256: acd89e772ca1bc9d3c69cff7430fa4bb921d4468d6115c57cade092944572eb3
- SHA512: 32175d64523038c480a21f609a036c1ed206a1b45eb986da6d20b8e2e1924aefe1eb93d66c1bcd03334e8c126df40d272f0e4e02397ed16db167d3994738a6a3
- SSDEEP: 6144:J68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1IX:ffnnK9zABs+TbFx9SXOPCf8DkqAR8zHN
Signatures:
- AutoIT Executable: AutoIT scripts compiled to PE executables.

Target: wzoptup.exe
- Size: 330KB
- MD5: 206c606e09f81262fbc85065ceca4f59
- SHA1: 96fa2aba33f86d809697d04d083ef3f6108ab197
- SHA256: 7a3271b0079e9f56f20acdb731e46174fc0a1f1a59e5fbd951a6ce9c07db48f9
- SHA512: 57b0fe98b3da4193c6ea267c4be05c5f3a6d2a24f2e79a4cf98d6a3e68e03f1bf9a7438f7f90bb2b6eb11a59ff4e81c5422538f20abf69b4feb4107be900f5e0
- SSDEEP: 6144:e68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1I3A:efnnK9zABs+TbFx9SXOPCf8DkqAR8zHK
- Score: 7/10
Signatures:
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable: AutoIT scripts compiled to PE executables.

Note that WezoAutoUP.exe, culclientUp.exe, vncDbnt.exe and wzoptup.exe have near-identical SSDEEP hashes (same 6144 block size and chunk body, differing only in a few leading and trailing characters) and sizes of 329 to 332KB: they are variants of one compiled AutoIT stub, and the differences between their signature lists most likely reflect what each happened to do during its run rather than distinct code. software.exe (5.5MB) is the only target with a stealer family verdict (Vidar), and it is the one that drops and executes a further PE and uses SetThreadContext, which is consistent with a loader stage rather than the stub itself.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
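The signature names in the Targets section and the counts in the ATT&CK table are verdicts over raw sandbox events (registry writes, file opens, process creation, API calls). The script below, an added example that is not Triage's rule engine or rule syntax, re-derives the same verdicts from a small constructed event log so the trigger for each signature is explicit: a write under a `Run` key, a read under `Uninstall`, a root-path open on any drive other than `C:`, a PE written to disk and then executed, and `SetThreadContext` against a thread in a different process. The event schema and `SAMPLE_EVENTS` are invented for the example; `T1547.001` and `T1543.003` are the techniques the report's table names, the remaining technique IDs are the editor's mapping.

```python
"""Re-derive this report's behavioural signatures from raw sandbox events
(editor's added example; not Triage's rule engine or rule syntax).

Event schema and SAMPLE_EVENTS are invented for the example.  Technique IDs
for Run keys (T1547.001) and Windows services (T1543.003) are the ones in the
report's MITRE table; the rest are the editor's mapping.
"""
import re

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
UNINSTALL_RE = re.compile(r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
SERVICE_RE = re.compile(r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)
DRIVE_ROOT_RE = re.compile(r"^[A-Z]:\\$", re.I)

# signature -> (ATT&CK technique, tactics it is counted under)
TECHNIQUES = {
    "Adds Run key to start application": ("T1547.001", ("Persistence", "Privilege Escalation")),
    "Creates a Windows service": ("T1543.003", ("Persistence", "Privilege Escalation")),
    "Checks installed software on the system": ("T1518", ("Discovery",)),
    "Enumerates connected drives": ("T1082", ("Discovery",)),            # editor's mapping
    "Suspicious use of SetThreadContext": ("T1055", ("Defense Evasion", "Privilege Escalation")),
    "Executes dropped EXE": (None, ()),   # behaviour only; no single technique asserted
}

# Constructed event log: pid 1200 plays an AutoIT stub, pid 2400 the stealer.
SAMPLE_EVENTS = [
    {"pid": 1200, "type": "registry_write",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Wezo",
     "value": r"C:\Users\user\AppData\Roaming\WezoAutoUP.exe"},
    {"pid": 1200, "type": "file_open", "path": "C:\\"},   # default drive: not a hit
    {"pid": 1200, "type": "file_open", "path": "D:\\"},
    {"pid": 1200, "type": "file_open", "path": "E:\\"},
    {"pid": 2400, "type": "registry_read",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 2400, "type": "file_write", "path": r"C:\Users\user\AppData\Local\Temp\stage2.exe", "magic": "MZ"},
    {"pid": 2400, "type": "process_create", "image": r"C:\Users\user\AppData\Local\Temp\stage2.exe", "child_pid": 2600},
    {"pid": 2400, "type": "api_call", "api": "SetThreadContext", "target_pid": 2600},
    {"pid": 2400, "type": "api_call", "api": "SetThreadContext", "target_pid": 2400},  # own thread: not a hit
    {"pid": 2400, "type": "registry_write",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\WezoSvc\ImagePath",
     "value": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
]


def evaluate(events):
    """Return {signature: {"technique", "tactics", "evidence": [...]}} for
    every signature the event stream triggers, evidence in first-seen order."""
    hits = {}
    dropped_pe = set()   # lower-cased paths written with an MZ header

    def hit(name, evidence):
        tech, tactics = TECHNIQUES[name]
        entry = hits.setdefault(name, {"technique": tech, "tactics": tactics, "evidence": []})
        if evidence not in entry["evidence"]:
            entry["evidence"].append(evidence)

    for ev in events:
        t = ev["type"]
        if t == "registry_write":
            if RUN_KEY_RE.search(ev["key"]):
                hit("Adds Run key to start application", (ev["key"], ev.get("value")))
            elif SERVICE_RE.match(ev["key"]):
                hit("Creates a Windows service", (ev["key"], ev.get("value")))
        elif t == "registry_read" and UNINSTALL_RE.search(ev["key"]):
            hit("Checks installed software on the system", ev["key"])
        elif t == "file_open" and DRIVE_ROOT_RE.match(ev["path"]) and ev["path"].upper() != "C:\\":
            hit("Enumerates connected drives", ev["path"])
        elif t == "file_write" and ev.get("magic") == "MZ":
            dropped_pe.add(ev["path"].lower())
        elif t == "process_create" and ev["image"].lower() in dropped_pe:
            hit("Executes dropped EXE", ev["image"])
        elif t == "api_call" and ev["api"] == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
            hit("Suspicious use of SetThreadContext", (ev["pid"], ev["target_pid"]))
    return hits


def attack_table(hits):
    """Collapse hits into {tactic: {technique: signature_count}}, the same
    shape as the report's MITRE table (one count per triggering signature)."""
    table = {}
    for h in hits.values():
        if not h["technique"]:
            continue
        for tactic in h["tactics"]:
            d = table.setdefault(tactic, {})
            d[h["technique"]] = d.get(h["technique"], 0) + 1
    return table


if __name__ == "__main__":
    res = evaluate(SAMPLE_EVENTS)
    for name, h in res.items():
        print(f"{name} [{h['technique']}]: {h['evidence']}")
    print(attack_table(res))
```

Two details carry over to real detection engineering. The drive-enumeration rule ignores `C:\` and the `SetThreadContext` rule ignores a process touching its own threads, which is why the corresponding signatures read "other than the default C: drive" and "suspicious" rather than firing on every process; and `Executes dropped EXE` is stateful (a write with an `MZ` header must precede the `process_create`), so it cannot be expressed as a single-event match.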