Overview

overview

7

Static

static

3

Wonder.zip

windows10-1703-x64

1

Wonder.zip

windows10-2004-x64

1

Wonder.zip

windows11-21h2-x64

1

Wonder/1 H...er.exe

windows10-1703-x64

7

Wonder/1 H...er.exe

windows10-2004-x64

6

Wonder/1 H...er.exe

windows11-21h2-x64

6

Wonder/Bun....3.dll

windows10-1703-x64

1

Wonder/Bun....3.dll

windows10-2004-x64

1

Wonder/Bun....3.dll

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Wonder.zip

  • Size

    13.3MB

  • Sample

    240902-rmeh7ssbqr

  • MD5

    121c6a5cec6fc5bcf7d8cebe9209f0a8

  • SHA1

    3800a8e4ebf5ef97f5b86ce8705d75d5cdf5ba9c

  • SHA256

    dcfd8b076cd8aab64b9f4f2c7f9bfe992450e24a911d45ad401aff2d5cefc160

  • SHA512

    002c9b9d2cdda3738442ed5869ee13eb4c5ae81f76d290cab0d20e4d4debf30a2fd4ec4c05a6b23233094a232a8b73ee2a55ccbd734c66e8cb9817bb84d3e6f6

  • SSDEEP

    393216:bxljf3542T4S8qY9aUFt7ZoxChn/T7ygYOMRJ:f3ihoYfZoJ

Score
7/10
discovery

Malware Config

Targets

    • Target

      Wonder.zip

    • Size

      13.3MB

    • MD5

      121c6a5cec6fc5bcf7d8cebe9209f0a8

    • SHA1

      3800a8e4ebf5ef97f5b86ce8705d75d5cdf5ba9c

    • SHA256

      dcfd8b076cd8aab64b9f4f2c7f9bfe992450e24a911d45ad401aff2d5cefc160

    • SHA512

      002c9b9d2cdda3738442ed5869ee13eb4c5ae81f76d290cab0d20e4d4debf30a2fd4ec4c05a6b23233094a232a8b73ee2a55ccbd734c66e8cb9817bb84d3e6f6

    • SSDEEP

      393216:bxljf3542T4S8qY9aUFt7ZoxChn/T7ygYOMRJ:f3ihoYfZoJ

    Score
    1/10
    behavioral1behavioral2behavioral3

    • Target

      Wonder/1 Hit 1 Wonder.exe

    • Size

      4.4MB

    • MD5

      58c67359e3797af9d89a2c1c1bde18b6

    • SHA1

      f40af9d4ce76a32696ecc8ca116e489a1a98eb77

    • SHA256

      ad4ff52deda88e74e641ea9d12dd04425624ad9c279a60c197ff52b9cd2cacea

    • SHA512

      5eda519e5315ca85162cf2de7c6bea4f5576d168cac120872694e4a14ee18857e44c43d833d1c5945ac35b29775a66ad121bf81980976d7bf789ad757fb129a2

    • SSDEEP

      98304:BBrgXLdpvOL+UnL1OLkcCeVULwsSqoOQHNUGC:BB0XTGqEogcCzCNR

    Score
    7/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral4behavioral5behavioral6

    • Target

      Wonder/Bunifu_UI_v1.5.3.dll

    • Size

      236KB

    • MD5

      2ecb51ab00c5f340380ecf849291dbcf

    • SHA1

      1a4dffbce2a4ce65495ed79eab42a4da3b660931

    • SHA256

      f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

    • SHA512

      e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

    • SSDEEP

      6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG

    Score
    1/10
    behavioral7behavioral8behavioral9

MITRE ATT&CK Enterprise v15

Tasks