General

  • Target: RezWare.zip
  • Size: 43.2MB
  • Sample: 240908-qmezaszhnd
  • MD5: 3869ef022c840168941a1abba691084e
  • SHA1: 350f351ddde31b876d7897c70d02b5cc9d497bff
  • SHA256: f8a9ec0250ec7b6bc1ecb18fa1d39e70df2661a0187f4babfbcccf5065997fc6
  • SHA512: 357f280079f1d5d5492201262b0c7381a7232293c287fbfb9672fd4ab46ee6f39125d398e5b0def78a8fba0979f3e2cd3a81f14571521a111c7c906957407e70
  • SSDEEP: 786432:anWI+m4jvB+GrOJjk2FOhb6djCqUsJYaxVpOeOKA1a5ZqsJjmW0ZEIWz:aOm4NxO3zj0s+cFcKqKq3g

Malware Config

Targets

    • Target: RezWpf.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.55/adblock_snippet.js
    • Size: 2KB
    • MD5: f5c93c471485f4b9ab45260518c30267
    • SHA1: ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
    • SHA256: 9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
    • SHA512: e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda

    Score: 7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks