eabf19c3331d8d063ca07e187e9b00c46893012dfb8768bfb1740a3b06026eff

Resubmissions

03-09-2024 16:24

240903-twp3ea1cmq 7

03-09-2024 15:59

240903-tfa9ba1arj 7

Sharing

Copy URL

Twitter E-mail

General

Target

wondershare_filmora_pro_keygen.zip
Size

21.8MB
Sample

240903-twp3ea1cmq
MD5

3d68c68aacac7c970090f1c131388df2
SHA1

97197657a06a2248dc10a8913ee74c547e498732
SHA256

eabf19c3331d8d063ca07e187e9b00c46893012dfb8768bfb1740a3b06026eff
SHA512

a75eeb79e22a2d0fbba6dae3d856e611081f4b83fc15dd15456b203d8a73b491df9dc77775ac5d2f3ade00fef2f63b3a6730b73d90cf33d74e85d7e2e1f0c077
SSDEEP

393216:fUi1l8bdc58AavxCKob9n2whl53EX4KibcXejSWU2N4ilUJPeNF+Vy0eIr0:fN8bdc5Tafq2whv3OXMcujSWKilUJGDN

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  wondershare_filmora_pro_keygen.exe
- Size
  
  906.3MB
- MD5
  
  fe5080cecfe83cf4b256610517ace7b7
- SHA1
  
  0aaba77b4d45d4daec60fbe2efac0e4cb5fcad54
- SHA256
  
  de0a7a9a962d3d36428ea32e38badac735a78f23595c970eaa18836278468adf
- SHA512
  
  d708aac852f28e9a0f952244c17e52ed2bfb5921b02d363452ac96a4114051925bce363cf99ea404fd66edbecca77f69938b9942de8c8919fa31977b0114414d
- SSDEEP
  
  786432:aK8ea/0DT0WQefI+XIdwhcTsrkMdM7UrZlMxT:aKa0DInefI+XIdwhcTsHdYUrZlMxT
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Enumerates processes with tasklist

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3