General

  • Target

    Fox Cheat.zip

  • Size

    91KB

  • Sample

    211024-adrczaceg3

  • MD5

    1354f5d3b7f0433c976171f7c078a4f4

  • SHA1

    99b5b4f7eecaac31972ee403677d1c78ce488e7f

  • SHA256

    60b3dc04b1a1e54175f9ddaf04a9690e6c845a134c4c1ecc7a0c3b5887c8d891

  • SHA512

    83baad524ffef9edf103188c47d72eef961359b5cab159d485de1d5ae218634a4d9b94153f49d72d59efa4d5c836b55f9efdaeb4700cfc2ebd660e887296f50d

Malware Config

Targets

    • Target

      Fox Cheat/FoxMod.exe

    • Size

      167KB

    • MD5

      bd1acb871aedede6c07f0e21f149851a

    • SHA1

      37ab454591228a86261ebf617dc760f124d8581d

    • SHA256

      0ac33d8c3cbc892f96da5a1fcbd912f21aa77c464fea12d57651494404831225

    • SHA512

      07890b9eb3ef6b89c306348607aab9f78ae529a0581cb737324f4daaee22cfa58146385414679f9c977ef19ca75e35138ef7a733861a586049ac40090d9b4be6

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6