General

  • Target

    wps-office-2019-11.2.0.11134-installer_tOJ0-b1.exe

  • Size

    1.2MB

  • Sample

    241108-nx2jya1hmb

  • MD5

    3f76b98161a0309373f7b781ac42a9b8

  • SHA1

    312faf5b75950e4a931d3c9defdab00ce8cacc94

  • SHA256

    d0f5c97569f3d42c49dbb6751c82f9df212c1b98c212915167a1be0bc9a76e30

  • SHA512

    b55515076987390fd5a2ab525d7dea8bd479f3800c77ff8999e35d6ce6ec69c04e4085c789651e5b794dc1bbe3cefc441dd794a9b6f603b141a3e1d2d6a41000

  • SSDEEP

    24576:SLmJVeAmzfUNXaKkiyBMY0f98vOZvGop7qYnMYvdfI:SLmJV3mLkawV8mFJnMY1w

Malware Config

Targets

    • Target

      Device/HarddiskVolume3/Users/Arunagiri/Downloads/wps-office-2019-11.2.0.11134-installer_tOJ0-b1.exe

    • Size

      1.6MB

    • MD5

      5e78a74973299f34ab436bebec78278f

    • SHA1

      522844f9bcce73645dfe28c897ea85d5417dbde7

    • SHA256

      5d928d04d8c834f2e31d2151bbe5e32e7c20089b5fd077fdc39c7ddb2ef1177e

    • SHA512

      f8634df1a2366b519ee3a62d08e258d5739ffb8d94b5e3b8112a492b4947c5b700692a21a71b9cad15dae73bc38d9fb73b25958bdb26b7afe86dae2115530146

    • SSDEEP

      24576:aawwKusHwEwSNRjVUBj5UQA04kb6rZ/TaUY5r0qxaqmJ6UgF:KwREDBUB1UHkb6rZ7S5cmU

    • Checks for any installed AV software in registry

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Tasks