243f3743b7c0353104dffd185aa6d754407e7b31c3840e30fdc5ec66d7f1c11b

Sharing

Copy URL

Twitter E-mail

General

Target

WeChatSetup.exe
Size

245.2MB
Sample

240710-gad2sszarn
MD5

7377170ac9bfd90d056012af8613c310
SHA1

e1c44dd59cad4c513fe6384fad5accc10cdfecec
SHA256

243f3743b7c0353104dffd185aa6d754407e7b31c3840e30fdc5ec66d7f1c11b
SHA512

3919294ef33107540ae1f4fe4bec93c74126ebb900000869d8f08ec528668b34e35673b29c266a3fd9e666112f49ade7ff187956ecc08572f05009a09e9bb931
SSDEEP

6291456:Z1jOBQPyYOKF7+6aYG9R1BWj15Do2ATZTNRF4uHio/KjNf:ZZOBQEg+6KWpmBNP4uHfKjNf

Score

9^/10

evasion vmprotect

Malware Config

Targets

- Target
  
  WeChatSetup.exe
- Size
  
  245.2MB
- MD5
  
  7377170ac9bfd90d056012af8613c310
- SHA1
  
  e1c44dd59cad4c513fe6384fad5accc10cdfecec
- SHA256
  
  243f3743b7c0353104dffd185aa6d754407e7b31c3840e30fdc5ec66d7f1c11b
- SHA512
  
  3919294ef33107540ae1f4fe4bec93c74126ebb900000869d8f08ec528668b34e35673b29c266a3fd9e666112f49ade7ff187956ecc08572f05009a09e9bb931
- SSDEEP
  
  6291456:Z1jOBQPyYOKF7+6aYG9R1BWj15Do2ATZTNRF4uHio/KjNf:ZZOBQEg+6KWpmBNP4uHfKjNf
Score

4^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  492KB
- MD5
  
  633625aa3be670a515fa87ff3a566d90
- SHA1
  
  de035c083125aef5df0a55c153ef6cc4dd4c15b4
- SHA256
  
  bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1
- SHA512
  
  3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9
- SSDEEP
  
  12288:LAeafIS4J8anXexYWGRhvgbTu4RJ6//sCMUx:04J9/WGRS33+
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  ca332bb753b0775d5e806e236ddcec55
- SHA1
  
  f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f
- SHA256
  
  df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d
- SHA512
  
  2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00
- SSDEEP
  
  192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/WeChatInstallDll.dll
- Size
  
  3.6MB
- MD5
  
  334057ab4993b56c8c663b0224b94567
- SHA1
  
  09a428a52707171f425d9047e1b89bde1d5966dd
- SHA256
  
  3f829f072de5cc33b160f15f62558c86f75f7f96a2673234c9a48c3164f067d1
- SHA512
  
  3b40102c35a946a2ac804b680c61cabe0782b1d334d98d2f7aec5bf3946c2ab80098b0399eb69a1d7aca37073e11dacb6876c977415082fea480d9e4f5762d03
- SSDEEP
  
  98304:HDEkRLBPfvgP9bjyYfg+nT8/6F7x85V+dL:HDTLpgjhoCF7xkV+5
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsInstallAssist.dll
- Size
  
  192KB
- MD5
  
  28b411f3793dbcb81d6f3d3b0527cdba
- SHA1
  
  7614310be1231850e811a818f58ee8b54ae9ceaf
- SHA256
  
  0281e384c94cad29fd8279c1855f671c2dd1f7772cf5645f573dd1df2b3bd127
- SHA512
  
  e5c9f21e9838eca54a8ededb1bf279453e116b6cde629a75ad057b6438deec6bcacf6e27a81c8aa0fc732f26dc28cee7a006ba6d68c08846b92937e388349d78
- SSDEEP
  
  3072:tYglJRVqBh6wpVwGs5m5tEA346FO5F3zyY7IZGptOq5LSx/tcDa:FdqBhbWCuFpyq5SXya
Score

3^/10
behavioral10 behavioral9
- Target
  
  Uninstall.exe
- Size
  
  1.7MB
- MD5
  
  a83eca93a0dde026ee845a76b08faafa
- SHA1
  
  2eb951e88272b326e48ecc91d88a5423a6233fae
- SHA256
  
  f2b2cb78ef1fd7e90bd45ef2a175583ee3c49380748c08e770be52931915ad18
- SHA512
  
  f3edb0db98c17c6d6fb6a9676fb3ca8a5f97cad4495b5054d40c0cc7075e8439c1b8f12d7226bb885a638d6be255d7cc5fc2e6e5e4b14751d3efea1fd2027e88
- SSDEEP
  
  24576:PGTJPUbMP326XBoBBYHsIfDczcu5IOQ6LbitlK3cBD5Mm1cBJkkMG5pOVUWjPSdu:8I2G0oWMIoVljGG3aqmQkk9OOp8
Score

4^/10
behavioral11 behavioral12
- Target
  
  WeChat.exe
- Size
  
  644KB
- MD5
  
  c608dfa29a249753b38ebad45f52cc68
- SHA1
  
  f7aacf4caf435dc3be1a40bb96019175d95567d8
- SHA256
  
  d6521203a3641f9606f146f4fc763be5b87fa058915c2eca0a7474c9d76b6ba7
- SHA512
  
  9f3107b14ecb5a0d233cf656577d7ba2776c8a9b3cb0448d295a9fe6733eec69b85b91bf1a60863e21634a72ae173f1030635285e13da14f343d318c134d1b4e
- SSDEEP
  
  6144:mQyk1xZBq65kzLy9tEoEtKE0raGrm+BhK629PRwY+:mQy2Zo65kzLy92oIt0rrXIk9
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral13 behavioral14
- Target
  
  WechatAppLauncher.exe
- Size
  
  612KB
- MD5
  
  08e35f062f4ab4583e683360fda618c9
- SHA1
  
  69278dd8903ab811e5475d3cbe3ffa64f337fc96
- SHA256
  
  19ba49900886740468c8b42c3137554a72348cb9c7f197283ea05998313ab667
- SHA512
  
  14380cea0ec17daf79395cb36866b0cb44a05dcc1e1a21198817b20f949841ece07e7c17b0a91c1a35d2e97cb853e9842d1efda5fc235fb2d3404a7ae3c01e9f
- SSDEEP
  
  6144:1M3AikYL7twGMx4s0eBRWZp2QGnvY4lgNt:1CAi3Y9VBgZp0vH6Nt
Score

1^/10
behavioral15 behavioral16
- Target
  
  [3.9.11.19]/ConfSdk.dll
- Size
  
  1.4MB
- MD5
  
  d56b07e5c1a83171abdef48ee0191dac
- SHA1
  
  5754c87f587c0e165679857342cbf1c7dc288342
- SHA256
  
  46513d7887ae3facd4d3cff7cd12750e0c67f95b63af1a3b68034abb2c7abaa7
- SHA512
  
  1ea3111190b66bbc84c0eebad51a0660dc4a4118d9d65d8deede5379193a8151217b7edc8a16a6821fb0e96c0fc0ca51c699336d2afe0c3915d7bdea50f7ae7b
- SSDEEP
  
  24576:xs4pBaJdHaijaF2U2ap8gaew4/ixgn87XncxlxHLRzYGs3qrQ/jx:CGZmnu87Xncx7LOGsLt
Score

1^/10
behavioral17 behavioral18
- Target
  
  [3.9.11.19]/Uninstall.exe
- Size
  
  1.7MB
- MD5
  
  a83eca93a0dde026ee845a76b08faafa
- SHA1
  
  2eb951e88272b326e48ecc91d88a5423a6233fae
- SHA256
  
  f2b2cb78ef1fd7e90bd45ef2a175583ee3c49380748c08e770be52931915ad18
- SHA512
  
  f3edb0db98c17c6d6fb6a9676fb3ca8a5f97cad4495b5054d40c0cc7075e8439c1b8f12d7226bb885a638d6be255d7cc5fc2e6e5e4b14751d3efea1fd2027e88
- SSDEEP
  
  24576:PGTJPUbMP326XBoBBYHsIfDczcu5IOQ6LbitlK3cBD5Mm1cBJkkMG5pOVUWjPSdu:8I2G0oWMIoVljGG3aqmQkk9OOp8
Score

4^/10
behavioral19 behavioral20
- Target
  
  [3.9.11.19]/VoipEngine.dll
- Size
  
  15.0MB
- MD5
  
  48a14bca1659e9e28994d66fd2b0d974
- SHA1
  
  f630457c392e995c9513ec77cf8cc524c4fc98aa
- SHA256
  
  94ff88e96358ec2225076a54bf39ee8df2a74f9c1ad50a4f905b5bdecbea237b
- SHA512
  
  1773c5dc08e0412da4e5c9623af0e91e72ca7d8bfd286c31c2cf13e57ae492b14028730c87f8d7471b7aa997024a6a78bdebd6332f32335e600addb2b54cc75d
- SSDEEP
  
  98304:DDrxxem5zHZrWKZDz/Wrx+zE5JOfRncJ0nwF25G1epNMn+Rz35rCmW:DDrxxzFWKZDbWrV5AE6MYzhCmW
Score

1^/10
behavioral21 behavioral22
- Target
  
  [3.9.11.19]/WeChat.exe
- Size
  
  644KB
- MD5
  
  c608dfa29a249753b38ebad45f52cc68
- SHA1
  
  f7aacf4caf435dc3be1a40bb96019175d95567d8
- SHA256
  
  d6521203a3641f9606f146f4fc763be5b87fa058915c2eca0a7474c9d76b6ba7
- SHA512
  
  9f3107b14ecb5a0d233cf656577d7ba2776c8a9b3cb0448d295a9fe6733eec69b85b91bf1a60863e21634a72ae173f1030635285e13da14f343d318c134d1b4e
- SSDEEP
  
  6144:mQyk1xZBq65kzLy9tEoEtKE0raGrm+BhK629PRwY+:mQy2Zo65kzLy92oIt0rrXIk9
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral23 behavioral24
- Target
  
  [3.9.11.19]/WeChatExt.exe
- Size
  
  264KB
- MD5
  
  8ac79925a4cb66d72c0eff86f3666321
- SHA1
  
  26504206d2baefca810442540f8d65f5c499873d
- SHA256
  
  5723102102ab74c3679d1cffcf96a4e96cc482488e3f306c6b07da4acb1c467e
- SHA512
  
  24fb32bebb65485baa6e449fd125acf09b677dfa4336b80a1e3d8ef0d63bf23feaf4db7f5659850b7cc52474e18882b7f278c316bbe0a65db35db552a58add28
- SSDEEP
  
  3072:phZPOgLpukuN+UcN9Ck4m9NTBfXEV3Mxhtoi0S2YA:/ZLL8kowN9CsNTBfE1Mx3gJt
Score

3^/10
behavioral25 behavioral26
- Target
  
  [3.9.11.19]/WeChatResource.dll
- Size
  
  34.7MB
- MD5
  
  50b2f86060e8c27fff69dbf0736c8344
- SHA1
  
  f55ebb154f9f077f61ea0ab072b90dab97848348
- SHA256
  
  b771c06ca7844632c12916abedd27e4eacc2ffecf9487a9431537d5232e31873
- SHA512
  
  1cb435450edcddaeb58f9fc77e2387686d136116b9fb319565ba3ce18d4140bd15ecd5d7c9260748360677e1668988543ed3959f0bb8153f7f6f4669b871c015
- SSDEEP
  
  393216:RxZoV4/X71uMBACjUd+S0+C57k/uAtWhcjhiRiA7/yViNNSVTBh1q4YKlQ3TliXt:fZ44gMBACjXl+ClDeWaFiRnGiqXQ0
Score

1^/10
behavioral27 behavioral28
- Target
  
  [3.9.11.19]/WeChatSpt.exe
- Size
  
  382KB
- MD5
  
  e6fa458644b0681880e9ebe8dbf39051
- SHA1
  
  fb3e1ef35d4edb963f72929662a7ae1bc7fa0e2c
- SHA256
  
  1356d642b111cca801dd681a104f661c51d56e027171d9fee1426417ee099042
- SHA512
  
  2f4205b0761aac054929692dbed16e89bfc34e9aa9f5a5993f9067615c97e4ad0fc70f6d9db8a300134738c5d30c90e9360e17df862f7878fec0d86b64e5109d
- SSDEEP
  
  6144:z5a13RoXXt3HWwQdsgxFnBG6YCz8KamVtnohLTB2YFM0orjbx3iJ:z4132X93HWwQdq6hpPotTsYFu/xyJ
Score

3^/10
behavioral29 behavioral30
- Target
  
  [3.9.11.19]/WeChatUpdate.exe
- Size
  
  2.4MB
- MD5
  
  603a963e2bdf7563abcad353a38abb8b
- SHA1
  
  1884e2bef960c555a976398903c0a002bb2a7df3
- SHA256
  
  45838e896e0e09b488ee092f55234b244b91ca04157d49703d815744b99231d6
- SHA512
  
  abf947173214f8acfa85b73104a6aa5403e35f9cb60bd1bdcd146d67c0f497087fb1fe831e35b974ac9d2ddf6821b7b5a0b4eb6349d8429780ae0d0639fe605b
- SSDEEP
  
  49152:iYNtHBjBeXyf84ZXOJiBZoJ6+tQuuJNOg4Sl8GQV5qU9WtPHXA0pTCxXHp:iY7HVUiIibuuJN3bl8GQvqdNXA0O
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32