Overview

overview

8

Static

static

3

WOMicClien..._2.exe

windows7-x64

WOMicClien..._2.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...rd.bmp

windows7-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

driver/devcon.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WOMicClientSetup5_2.exe

  • Size

    1.4MB

  • Sample

    240801-zs4dhszhre

  • MD5

    d8c68825b8a2cd1f00736b617240684c

  • SHA1

    7b68a0832785021e8883cec41606e60fa4a887e6

  • SHA256

    c7c7227a636b4c612cdf3f3d803be3ef1cf8f9aedad1c5d6620e0b9f6e0931a8

  • SHA512

    15f79655b8cfefa402aca135e900881b266f6de3f6f2ada63b59303c0a9efac0175fb253ed640a4cfc2888c5e6954ab24c7c54d4532ca56c3b0a90107af02b05

  • SSDEEP

    24576:Y12rpcEd5xQyaYXnCTZh5GYP7INP4w6ZtwZdsIAljoXHNAi7JYYDd+7PJms:QkzSy/nClDzBaZfuo3HYnPJd

Score
8/10
discoveryevasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      WOMicClientSetup5_2.exe

    • Size

      1.4MB

    • MD5

      d8c68825b8a2cd1f00736b617240684c

    • SHA1

      7b68a0832785021e8883cec41606e60fa4a887e6

    • SHA256

      c7c7227a636b4c612cdf3f3d803be3ef1cf8f9aedad1c5d6620e0b9f6e0931a8

    • SHA512

      15f79655b8cfefa402aca135e900881b266f6de3f6f2ada63b59303c0a9efac0175fb253ed640a4cfc2888c5e6954ab24c7c54d4532ca56c3b0a90107af02b05

    • SSDEEP

      24576:Y12rpcEd5xQyaYXnCTZh5GYP7INP4w6ZtwZdsIAljoXHNAi7JYYDd+7PJms:QkzSy/nClDzBaZfuo3HYnPJd

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Drops file in Drivers directory

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      174708997758321cf926b69318c6c3f5

    • SHA1

      645488089bf320f6864e0d0bc284c85216e56fbd

    • SHA256

      f577b66492e97c7b8bf515398d8deb745abafd74f56fc03e67fce248ebbeb873

    • SHA512

      214433597e04ca1ff9b4fe092d5d2997707a7c56f0f82c85d586088a200e4455028f3b9427d87b4f06f9252557d5be4b7a9138ea6a8d045df6209421fd8ca054

    • SSDEEP

      48:S46+/ZTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mCofjLl:zDuPbOBtWZBV8jAWiAJCdv2CmpL

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      0ff2d70cfdc8095ea99ca2dabbec3cd7

    • SHA1

      10c51496d37cecd0e8a503a5a9bb2329d9b38116

    • SHA256

      982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

    • SHA512

      cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

    • SSDEEP

      192:eK24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlASl:u8QIl975eXqlWBrz7YLOlA

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/modern-wizard.bmp

    • Size

      25KB

    • MD5

      cbe40fd2b1ec96daedc65da172d90022

    • SHA1

      366c216220aa4329dff6c485fd0e9b0f4f0a7944

    • SHA256

      3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

    • SHA512

      62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

    • SSDEEP

      24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      d6c3dd680c6467d07d730255d0ee5d87

    • SHA1

      57e7a1d142032652256291b8ed2703b3dc1dfa9b

    • SHA256

      aedb5122c12037bcf5c79c2197d1474e759cf47c67c37cdb21cf27428854a55b

    • SHA512

      c28613d6d91c1f1f7951116f114da1c49e5f4994c855e522930bb4a8bdd73f12cadf1c6dcb84fc8d9f983ec60a40ac39522d3f86695e17ec88da4bd91c7b6a51

    • SSDEEP

      192:oWa8cSzvTyl4tgi8pPjQM0PuAg0YNyZIFtSP:DaBSzm+t18pZ0WAg0RZIFg

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      driver/devcon.exe

    • Size

      80KB

    • MD5

      b9808a5cc368bd10a3a83af244285ac2

    • SHA1

      ad3c0e42478a0d726b74925eb2a3c1d604bdcf3d

    • SHA256

      7b76bac391c62c5884332bd606b6026aecba8ce57c919cc1f142ef2a052dbc08

    • SHA512

      828e258a597b68e4a89a568a96beed71da32a0feb60dd6713ca2b1a25c2e534a83d93e6a29b7e4cb5e47658e14a1c23efab1f05d27c8e95af37d182428d863b7

    • SSDEEP

      1536:E+EDgNvx61NPpEJSIaXnRkneWTH0tFc5VojFFMqO7WE:E/5REBinRkeW703cAjnM3W

    Score
    1/10
    behavioral11

MITRE ATT&CK Enterprise v15

Tasks