General

  • Target

    wzsus53.exe

  • Size

    45.5MB

  • Sample

    250630-trkbcstjz2

  • MD5

    9deff019a43346d956d016cd91df342a

  • SHA1

    bc2646503a6e9a0c8a726bdf79a24fceb7e82455

  • SHA256

    fc3e420307b05488b75daf5a1e704018dbcf9ba45bd431eb83f06c937a67d505

  • SHA512

    b6122fc7779d8aafbffaca5bb07ee1142fcfcaf01e007f7aa9e003fb1d25c6b4573002551b5cc1c7a8ce1b2434c6a537d50a91eb91a09c798cff13e14a9230dc

  • SSDEEP

    786432:9VGm8MMKmA+hdUhdVINydDp+W+iAFaCVVsqxIEnABHqkBEzYiyFVx6OBT2oVU:9VGmzMxRhdIbIyQWeFa6VsqxIGAApyzK
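
The General section gives four cryptographic digests and an SSDEEP fuzzy hash for wzsus53.exe. Before relying on this report for a file you hold, confirm it is byte-for-byte the same sample. The helper below is an added example written for this page, not the sandbox's own tooling: it streams the file once through MD5, SHA-1, SHA-256 and SHA-512 (the sample is 45.5MB, so it reads in chunks) and compares every digest against the values listed above. The SSDEEP value is left unchecked because fuzzy hashing needs the third-party ssdeep library; the script name in the usage note is an assumption.

```python
"""Verify a local file against the digests listed in the sandbox report.

Added example for this page, not part of the report. The four digests in
REPORT_DIGESTS are copied from the General section for wzsus53.exe.
"""
import hashlib

# Digests copied from the report's General section (wzsus53.exe).
REPORT_DIGESTS = {
    "md5": "9deff019a43346d956d016cd91df342a",
    "sha1": "bc2646503a6e9a0c8a726bdf79a24fceb7e82455",
    "sha256": "fc3e420307b05488b75daf5a1e704018dbcf9ba45bd431eb83f06c937a67d505",
    "sha512": "b6122fc7779d8aafbffaca5bb07ee1142fcfcaf01e007f7aa9e003fb1d25c6b4"
              "573002551b5cc1c7a8ce1b2434c6a537d50a91eb91a09c798cff13e14a9230dc",
}


def compute_digests(path, algorithms=("md5", "sha1", "sha256", "sha512"), chunk_size=1 << 20):
    """Stream the file once and feed every requested hash from the same chunk.

    Reading in 1 MiB chunks keeps memory flat for a 45.5MB sample and avoids
    re-reading the file per algorithm.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_digests(path, expected):
    """Return {algorithm: (matches, actual_hexdigest)} for each algorithm in `expected`.

    Comparison is case-insensitive because report pages and feeds disagree on
    hex casing.
    """
    actual = compute_digests(path, algorithms=tuple(expected))
    return {name: (actual[name] == expected[name].lower(), actual[name]) for name in expected}


def is_report_sample(path, expected=REPORT_DIGESTS):
    """True only when every listed digest matches.

    A single mismatch means a different (or truncated) file even if one
    algorithm agrees, so all-or-nothing is the right rule here.
    """
    return all(ok for ok, _ in verify_digests(path, expected).values())


if __name__ == "__main__":
    import sys

    for name, (ok, digest) in verify_digests(sys.argv[1], REPORT_DIGESTS).items():
        print(f"{name:6} {'OK ' if ok else 'BAD'} {digest}")
    sys.exit(0 if is_report_sample(sys.argv[1]) else 1)
```

Run it as `python verify_sample.py wzsus53.exe`; a non-zero exit means at least one digest differs. MD5 and SHA-1 are worth keeping for cross-referencing older feeds, but only the SHA-256 and SHA-512 values should be treated as collision-resistant identifiers of the sample.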

Targets

    • Target

      wzsus53.exe

    • Size

      45.5MB

    • MD5

      9deff019a43346d956d016cd91df342a

    • SHA1

      bc2646503a6e9a0c8a726bdf79a24fceb7e82455

    • SHA256

      fc3e420307b05488b75daf5a1e704018dbcf9ba45bd431eb83f06c937a67d505

    • SHA512

      b6122fc7779d8aafbffaca5bb07ee1142fcfcaf01e007f7aa9e003fb1d25c6b4573002551b5cc1c7a8ce1b2434c6a537d50a91eb91a09c798cff13e14a9230dc

    • SSDEEP

      786432:9VGm8MMKmA+hdUhdVINydDp+W+iAFaCVVsqxIEnABHqkBEzYiyFVx6OBT2oVU:9VGmzMxRhdIbIyQWeFa6VsqxIGAApyzK

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe

    • Size

      45.3MB

    • MD5

      e2fdd689cf1c4432b7035a4ef6bc634a

    • SHA1

      59358a207b1babdf402da1da161f962146c32e38

    • SHA256

      0cd05ca009c01746a05f782ba032af73c3269d736b1e0bab7327b9a2252a4d4d

    • SHA512

      6073db8923b2bd0a390b8cadacd59f762d32a177e3ff77a4ce2334ba8b11f35f152006bb06274664aba3622162ddc9dd6ef1ec3125d53589a1fe677865822388

    • SSDEEP

      786432:yGm8MMKmA+hdUhdVINydDp+W+iAFaCVVsqxIEnABHqkBEzYiyFVx6OBT2oVf:yGmzMxRhdIbIyQWeFa6VsqxIGAApyzxT

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      67d8f4d5acdb722e9cb7a99570b3ded1

    • SHA1

      f4a729ba77332325ea4dbdeea98b579f501fd26f

    • SHA256

      fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7

    • SHA512

      03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f

    • SSDEEP

      192:CsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5m78ozxGUWumle:CsUHd9GN2d2iwl0impATIPdA78Ov6

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      959ea64598b9a3e494c00e8fa793be7e

    • SHA1

      40f284a3b92c2f04b1038def79579d4b3d066ee0

    • SHA256

      03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    • SHA512

      5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    • SSDEEP

      192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe

    • Score

      3/10

    • Target

      $PLUGINSDIR/linker.dll

    • Size

      7KB

    • MD5

      0d5cf965fafcb11f8744d0dc729339da

    • SHA1

      ccfeb09534dce671a3fcd216606d7ee572a0341e

    • SHA256

      02ee7e90b9379827cb186df48db5b412aaf800196d6967762fb513b9143cd1ef

    • SHA512

      993a598e3c46a4544ee0011a94fd9a4df66131b1526744db31faf8c5bfba4b5695a096d787555a9807d8bfd3e09bebfa73df97db83b144990c84cb14a000ba56

    • SSDEEP

      96:SDq0eXMgXPJphf5EC9Mv2yUWeQTGf3LqyHbk3gvT:90GMgXHcgI2tWeQGeyHbLv

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      7KB

    • MD5

      6e2a127c517f04c7bf22cf392e0a836b

    • SHA1

      e92fe193de327b15a762fe727798d351d30adf34

    • SHA256

      102c22f492c3d31f99e43143218ca64592a2f3bb6933f743d8826075ab9b7ad2

    • SHA512

      ba8f4aca1f430de89bb17fa0fa5e221cdcead7793ecb0fa8a24bd600bbdb84c7cbd1a58a7970bec0e941db7f4d4b6b545e49fe6240545470b9cede8b83b71670

    • SSDEEP

      96:WzyvutWDUcKTKT38HmIxfLUT/hY6Puk1rJ80yh3zVqA8Jvke6YKCpCtI:WzyvutWBCMsGKgThHB8HtsAovL6YwI

    • Score

      3/10

    • Target

      SystemInfo-vc141-mt.dll

    • Size

      2.4MB

    • MD5

      584371d492efb5a4d7556a7bcbb4797f

    • SHA1

      ea411599c463fb19ebe5370a404a769391d5828d

    • SHA256

      000ab5ea46bb8d426603cbbcea8328cf9c93d5827ce2dfb858f2e273fbc5d97d

    • SHA512

      5c77eacc2c33cacd867f41a322c81c714b56f51113b189e871bd25785dff299bf815e50c5d0adccf1703d5ca93321dce520b96a51a445110dc2b418de2d1f2c4

    • SSDEEP

      49152:Gn8a8QwQDHNjFVwKIxX0iGK+A5nLDEqHg29KQCfjMubfds728xwr+ul1Ac0QMOlH:Gn8r2xjFVwKIxX0iGK+A5nLDEqHg29Kr

    • Score

      1/10
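
Two of the targets above (wzsus53.exe and the dropped f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe) carry the "Event Triggered Execution: Component Object Model Hijacking" indicator, but the report does not say which CLSID was touched. The check below is therefore generic. It is an added example written for this page, not the sandbox's or any vendor's code: it parses a .reg-style export of the HKLM and HKCU CLSID trees and flags per-user InprocServer32/LocalServer32 registrations that either shadow a machine-wide registration of the same CLSID or point into a user-writable directory. The export text, GUIDs and paths are constructed. The detection rests on the fact that a non-elevated process resolves a CLSID through HKCU\Software\Classes before HKLM\Software\Classes, which is what makes a per-user override effective; elevated (high-integrity) processes skip the per-user hive, so a hijack of this kind does not follow the malware into an elevated context.

```python
"""Flag per-user COM server registrations that look like COM hijacks.

Added example for this page, not part of the sandbox report. It works on a
.reg-style export so it runs offline; on a live host you would feed it the
output of exporting HKLM\\Software\\Classes\\CLSID and HKCU\\Software\\Classes\\CLSID.
Only InprocServer32 and LocalServer32 are covered.
"""
import re

# Constructed sample export (placeholder GUIDs and paths, not real COM classes):
#  - one legitimate machine-wide CLSID,
#  - the same CLSID re-registered per user under a user-writable path (hijack),
#  - a per-user-only CLSID pointing at Program Files (left alone).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Windows\\System32\\legit.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\payload.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{66666666-7777-8888-9999-000000000000}\LocalServer32]
@="C:\\Program Files\\Vendor\\server.exe"
"""

KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\Software\\Classes\\CLSID\\"
    r"(\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\})"
    r"\\(InprocServer32|LocalServer32)\]$",
    re.IGNORECASE,
)
KINDS = {"inprocserver32": "InprocServer32", "localserver32": "LocalServer32"}

# Path fragments a non-admin user can write to; a COM server living here is a
# red flag whether or not it shadows anything.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")


def parse_com_servers(reg_text):
    """Return {(hive, clsid, kind): server_path} for every server key in the export.

    Takes the key's default value '@' and undoes .reg escaping (doubled
    backslashes, escaped quotes). Keys outside the CLSID server subtrees are
    ignored.
    """
    servers = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1).upper(), m.group(2).upper(), KINDS[m.group(3).lower()])
            continue
        if line.startswith("["):
            current = None  # some other key, not a COM server
            continue
        if current and line.startswith('@="') and line.endswith('"'):
            servers[current] = line[3:-1].replace("\\\\", "\\").replace('\\"', '"')
    return servers


def find_com_hijacks(servers):
    """Return a finding per suspicious HKCU server registration.

    Reasons: the per-user entry shadows an HKLM entry for the same CLSID and
    server kind with a different path, and/or the server sits in a user-writable
    location.
    """
    findings = []
    for (hive, clsid, kind), path in servers.items():
        if hive != "HKEY_CURRENT_USER":
            continue
        reasons = []
        machine = servers.get(("HKEY_LOCAL_MACHINE", clsid, kind))
        if machine is not None and machine.lower() != path.lower():
            reasons.append(f"shadows HKLM {kind} {machine}")
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append("server lives in a user-writable location")
        if reasons:
            findings.append({"clsid": clsid, "kind": kind, "server": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in find_com_hijacks(parse_com_servers(SAMPLE_REG)):
        print(hit["clsid"], hit["kind"], hit["server"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

Treat a hit as a lead, not a verdict: legitimate per-user installers do register COM servers under HKCU, so confirm by checking the server binary's signature and by looking at which process loads that CLSID (the "Drops file in System32 directory" indicator above is a reminder that the payload may not sit in a user profile at all, in which case only the shadowing rule fires). Other hijack variants the report does not mention, such as TreatAs redirection, need their own keys added to the parser.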

MITRE ATT&CK Enterprise v16