General

  • Target

    capwareud.exe

  • Size

    37KB

  • Sample

    240913-bwl2mswhmk

  • MD5

    953597b00fe70c0a06d702cbc709fdbd

  • SHA1

    abd4f3b657a9faa58257202922c7741cb9fac06c

  • SHA256

    4273eb6bbc95b298e958afb5d5199e3cf09234d9dc6a609ec063827f54a157d6

  • SHA512

    89904aabdf9de5f4706621dde8ee1fa1b98c224d6a83d740e1967a3afc4adbd6a4892aafbdc61a8e20e013440db61751798da93da2e63b23a2026601a5fa6b15

  • SSDEEP

    768:0PFKLWc/s7liv5yshYFBnguFNLTXpL5RyrgIw9zB6SQ0Nh:oFKLsL54+9zo90Nh

Score
8/10

Targets

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
