Malware Spotlight: A Deep-Dive Analysis of WezRat
Tags
Common Information
| Type | Value |
|---|---|
| UUID | e563afc9-3509-4d1e-9176-9ca805bb6924 |
| Fingerprint | 55c5bdd166328f98 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 14, 2024, 2:45 p.m. |
| Added to db | Nov. 14, 2024, 4:03 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Malware Spotlight: A Deep-Dive Analysis of WezRat |
| Title | Malware Spotlight: A Deep-Dive Analysis of WezRat |
| Detected Hints/Tags/Attributes | 92/3/51 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 158 | ✔ | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4 | il-cert.net |
|
| Details | Domain | 2 | il-cert.org.il |
|
| Details | Domain | 4 | connect.il-cert.net |
|
| Details | Domain | 4 | behavioral.win |
|
| Details | Domain | 3 | onlinelive.info |
|
| Details | Domain | 141 | research.checkpoint.com |
|
| Details | 3 | alert@il-cert.net |
||
| Details | File | 5 | installer.msi |
|
| Details | File | 52 | updater.exe |
|
| Details | File | 4 | bd.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 2 | mvpis.dll |
|
| Details | File | 2 | jumpviewui.dll |
|
| Details | File | 2 | stitp.dll |
|
| Details | File | 2 | taskflowui.dll |
|
| Details | File | 2 | 10105060.txt |
|
| Details | File | 2 | clp.dll |
|
| Details | File | 2 | persist.dll |
|
| Details | File | 2 | spitp.dll |
|
| Details | File | 2 | scdll.dll |
|
| Details | File | 2 | kldll.dll |
|
| Details | File | 2 | updll.dll |
|
| Details | File | 2 | clbdll.dll |
|
| Details | File | 6 | first.exe |
|
| Details | File | 2 | afwpmz.exe |
|
| Details | File | 3 | users.dll |
|
| Details | File | 2 | one_drive.exe |
|
| Details | File | 674 | node.js |
|
| Details | md5 | 2 | 6b0d7b2e422a93e81ceed3645d36dd40 |
|
| Details | sha256 | 2 | 66b08e55d11f49493118e8a6cab1bb5f1953b2a4784a38c64cf7ed02bf781713 |
|
| Details | sha256 | 2 | 53055662aeca79a319c8c59194f25bae1b33eab1a39cf18e8daa3602fbca900e |
|
| Details | sha256 | 2 | b96fad26fba197302fd11e1771e996387b7b23c2560e08f20c69069e173c7fa7 |
|
| Details | sha256 | 2 | 2cf3cd8b7df4e87ac17812511510a48be4a9546fed513b9204c7173364db7ae3 |
|
| Details | sha256 | 2 | cf12b2043a05729839a29ff4bd23b4088888da1153ca81040a6c048417254a36 |
|
| Details | sha256 | 2 | 26f66196c463e6ec1f224d9f87c1f75d868c94bba5c8502b6cbe806e06614377 |
|
| Details | sha256 | 2 | e37b95bb9bee64cc0313eaad8a0269493745f89413bd78b58bb3b479b36084ae |
|
| Details | sha256 | 2 | 84366a894120d4a8c83411925ef04de52fa56da6fad0023a71f71a9bf21259ad |
|
| Details | sha256 | 2 | 4431b2a4d7758907f81fb1a0c1e36b2ce03e08d43123b1c398487770afd20727 |
|
| Details | sha256 | 2 | e1a5696dcae33657fd0aa2d1e7a36b84c4647975dab3063ac2f42c19dae0a5a1 |
|
| Details | sha256 | 2 | 5c03ac7128fb6e8ad923897e3696e08c943f4c819e5c1bdbe3df2b5774692d3d |
|
| Details | sha256 | 2 | 5e33c4a38c05f52918ffd4e49fd2d1b1a771010466ceb19eaf378daa02f71700 |
|
| Details | sha256 | 2 | 898595a6646b94f9735442ae65deb5f5364eddf2a7008f66e9d7ee8b6c08c285 |
|
| Details | sha256 | 2 | 629dc03888412ae39d50cc17d5cbe579f2a99be03e6af2f071e68b7226f891d0 |
|
| Details | IPv4 | 2 | 46.249.58.136 |
|
| Details | IPv4 | 3 | 45.143.167.87 |
|
| Details | IPv4 | 2 | 194.11.226.9 |
|
| Details | IPv4 | 3 | 45.120.177.8 |
|
| Details | IPv4 | 2 | 194.4.49.175 |
|
| Details | Pdb | 2 | dll1.pdb |
|
| Details | Pdb | 2 | c:\users\administrator\desktop\socket-client\socket-client\x64\release\socket-client.pdb |
|
| Details | Url | 1 | https://research.checkpoint.com/2024/wezrat-malware-deep-dive |