General

Target: wzsus53.exe
Size: 45.5MB
Sample: 250630-trkbcstjz2
MD5: 9deff019a43346d956d016cd91df342a
SHA1: bc2646503a6e9a0c8a726bdf79a24fceb7e82455
SHA256: fc3e420307b05488b75daf5a1e704018dbcf9ba45bd431eb83f06c937a67d505
SHA512: b6122fc7779d8aafbffaca5bb07ee1142fcfcaf01e007f7aa9e003fb1d25c6b4573002551b5cc1c7a8ce1b2434c6a537d50a91eb91a09c798cff13e14a9230dc
SSDEEP: 786432:9VGm8MMKmA+hdUhdVINydDp+W+iAFaCVVsqxIEnABHqkBEzYiyFVx6OBT2oVU:9VGmzMxRhdIbIyQWeFa6VsqxIGAApyzK
Static task: static1

Behavioral task: behavioral1
  Sample: wzsus53.exe
  Resource: win11-20250619-en

Behavioral task: behavioral2
  Sample: f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
  Resource: win11-20250610-en

Behavioral task: behavioral3
  Sample: $PLUGINSDIR/InstallOptions.dll
  Resource: win11-20250619-en

Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win11-20250619-en

Behavioral task: behavioral5
  Sample: $PLUGINSDIR/linker.dll
  Resource: win11-20250619-en

Behavioral task: behavioral6
  Sample: $PLUGINSDIR/nsProcess.dll
  Resource: win11-20250610-en

Behavioral task: behavioral7
  Sample: SystemInfo-vc141-mt.dll
  Resource: win11-20250619-en
Malware Config

Targets

Target: wzsus53.exe
Size: 45.5MB
MD5: 9deff019a43346d956d016cd91df342a
SHA1: bc2646503a6e9a0c8a726bdf79a24fceb7e82455
SHA256: fc3e420307b05488b75daf5a1e704018dbcf9ba45bd431eb83f06c937a67d505
SHA512: b6122fc7779d8aafbffaca5bb07ee1142fcfcaf01e007f7aa9e003fb1d25c6b4573002551b5cc1c7a8ce1b2434c6a537d50a91eb91a09c798cff13e14a9230dc
SSDEEP: 786432:9VGm8MMKmA+hdUhdVINydDp+W+iAFaCVVsqxIEnABHqkBEzYiyFVx6OBT2oVU:9VGmzMxRhdIbIyQWeFa6VsqxIGAApyzK

  Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  Drops file in System32 directory
  Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
Size: 45.3MB
MD5: e2fdd689cf1c4432b7035a4ef6bc634a
SHA1: 59358a207b1babdf402da1da161f962146c32e38
SHA256: 0cd05ca009c01746a05f782ba032af73c3269d736b1e0bab7327b9a2252a4d4d
SHA512: 6073db8923b2bd0a390b8cadacd59f762d32a177e3ff77a4ce2334ba8b11f35f152006bb06274664aba3622162ddc9dd6ef1ec3125d53589a1fe677865822388
SSDEEP: 786432:yGm8MMKmA+hdUhdVINydDp+W+iAFaCVVsqxIEnABHqkBEzYiyFVx6OBT2oVf:yGmzMxRhdIbIyQWeFa6VsqxIGAApyzxT

  Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  Drops file in System32 directory
  Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: $PLUGINSDIR/InstallOptions.dll
Size: 15KB
MD5: 67d8f4d5acdb722e9cb7a99570b3ded1
SHA1: f4a729ba77332325ea4dbdeea98b579f501fd26f
SHA256: fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7
SHA512: 03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f
SSDEEP: 192:CsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5m78ozxGUWumle:CsUHd9GN2d2iwl0impATIPdA78Ov6
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 959ea64598b9a3e494c00e8fa793be7e
SHA1: 40f284a3b92c2f04b1038def79579d4b3d066ee0
SHA256: 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA512: 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
SSDEEP: 192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score: 3/10

Target: $PLUGINSDIR/linker.dll
Size: 7KB
MD5: 0d5cf965fafcb11f8744d0dc729339da
SHA1: ccfeb09534dce671a3fcd216606d7ee572a0341e
SHA256: 02ee7e90b9379827cb186df48db5b412aaf800196d6967762fb513b9143cd1ef
SHA512: 993a598e3c46a4544ee0011a94fd9a4df66131b1526744db31faf8c5bfba4b5695a096d787555a9807d8bfd3e09bebfa73df97db83b144990c84cb14a000ba56
SSDEEP: 96:SDq0eXMgXPJphf5EC9Mv2yUWeQTGf3LqyHbk3gvT:90GMgXHcgI2tWeQGeyHbLv
Score: 3/10

Target: $PLUGINSDIR/nsProcess.dll
Size: 7KB
MD5: 6e2a127c517f04c7bf22cf392e0a836b
SHA1: e92fe193de327b15a762fe727798d351d30adf34
SHA256: 102c22f492c3d31f99e43143218ca64592a2f3bb6933f743d8826075ab9b7ad2
SHA512: ba8f4aca1f430de89bb17fa0fa5e221cdcead7793ecb0fa8a24bd600bbdb84c7cbd1a58a7970bec0e941db7f4d4b6b545e49fe6240545470b9cede8b83b71670
SSDEEP: 96:WzyvutWDUcKTKT38HmIxfLUT/hY6Puk1rJ80yh3zVqA8Jvke6YKCpCtI:WzyvutWBCMsGKgThHB8HtsAovL6YwI
Score: 3/10

Target: SystemInfo-vc141-mt.dll
Size: 2.4MB
MD5: 584371d492efb5a4d7556a7bcbb4797f
SHA1: ea411599c463fb19ebe5370a404a769391d5828d
SHA256: 000ab5ea46bb8d426603cbbcea8328cf9c93d5827ce2dfb858f2e273fbc5d97d
SHA512: 5c77eacc2c33cacd867f41a322c81c714b56f51113b189e871bd25785dff299bf815e50c5d0adccf1703d5ca93321dce520b96a51a445110dc2b418de2d1f2c4
SSDEEP: 49152:Gn8a8QwQDHNjFVwKIxX0iGK+A5nLDEqHg29KQCfjMubfds728xwr+ul1Ac0QMOlH:Gn8r2xjFVwKIxX0iGK+A5nLDEqHg29Kr
Score: 1/10
MITRE ATT&CK Enterprise v16

Defense Evasion
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)