Overview
overview
10Static
static
FoxRansomw...65.exe
windows7_x64
10FoxRansomw...65.exe
windows10-2004_x64
10FoxRansomw...a7.exe
windows7_x64
10FoxRansomw...a7.exe
windows10-2004_x64
10FoxRansomw...20.exe
windows7_x64
10FoxRansomw...20.exe
windows10-2004_x64
10FoxRansomw...0b.exe
windows7_x64
10FoxRansomw...0b.exe
windows10-2004_x64
10FoxRansomw...53.exe
windows7_x64
10FoxRansomw...53.exe
windows10-2004_x64
10FoxRansomw...b1.exe
windows7_x64
10FoxRansomw...b1.exe
windows10-2004_x64
10Analysis
-
max time kernel
153s -
max time network
120s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
01-02-2022 08:39
Static task
static1
Behavioral task
behavioral1
Sample
FoxRansomware/0676816e9e450dea861a65a0b29f44179e1999f09a24e488ec6756528a5e6b65.exe
Resource
win7-en-20211208
windows7_x64
Behavioral task
behavioral2
Sample
FoxRansomware/0676816e9e450dea861a65a0b29f44179e1999f09a24e488ec6756528a5e6b65.exe
Resource
win10v2004-en-20220112
windows10-2004_x64
Behavioral task
behavioral3
Sample
FoxRansomware/0b03bf1c7b596a862978999eebfa0703e6de48912c9a57e2fed3ae5cd747bea7.exe
Resource
win7-en-20211208
windows7_x64
Behavioral task
behavioral4
Sample
FoxRansomware/0b03bf1c7b596a862978999eebfa0703e6de48912c9a57e2fed3ae5cd747bea7.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral5
Sample
FoxRansomware/42f07bec4edcba04adac1d944f5ec131628565da831fccbfcd42292ea520a620.exe
Resource
win7-en-20211208
windows7_x64
Behavioral task
behavioral6
Sample
FoxRansomware/42f07bec4edcba04adac1d944f5ec131628565da831fccbfcd42292ea520a620.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral7
Sample
FoxRansomware/6e9060d56e669658b059f25a05f37f4d266658fece36afdb564536607fd9570b.exe
Resource
win7-en-20211208
windows7_x64
Behavioral task
behavioral8
Sample
FoxRansomware/6e9060d56e669658b059f25a05f37f4d266658fece36afdb564536607fd9570b.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral9
Sample
FoxRansomware/91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe
Resource
win7-en-20211208
windows7_x64
Behavioral task
behavioral10
Sample
FoxRansomware/91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral11
Sample
FoxRansomware/941af29a59f8d5960af161b9116bbc7d574a9af6f69a47cf0d3daeb31cba6eb1.exe
Resource
win7-en-20211208
windows7_x64
Behavioral task
behavioral12
Sample
FoxRansomware/941af29a59f8d5960af161b9116bbc7d574a9af6f69a47cf0d3daeb31cba6eb1.exe
Resource
win10v2004-en-20220112
windows10-2004_x64
General
-
Target
FoxRansomware/91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe
-
Size
1.2MB
-
MD5
1fa1b6d4b3ed867c1d4baffc77417611
-
SHA1
afb5e385f9cc8910d7a970b6c32b8d79295579da
-
SHA256
91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53
-
SHA512
0600b92914a7489a6428b8e4217e5f24e1d149fc5807d86cc4de91b43be2470a1ddf77093c8732d4371a87fd163cc556e09d11a2c6655382a35a5f5741ae05a5
Malware Config
Extracted
http://myexternalip.com/raw
Signatures
-
Matrix Ransomware 64 IoCs
Targeted ransomware with information collection and encryption functionality.
Processes:
91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exedescription flow ioc Process File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Microsoft Games\FreeCell\es-ES\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Microsoft Games\Mahjong\de-DE\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Microsoft Games\Mahjong\ja-JP\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jre7\lib\zi\Africa\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Microsoft Games\Purble Place\ja-JP\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ryugmcli.default-release\storage\permanent\chrome\idb\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Microsoft Games\Purble Place\de-DE\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Microsoft Office\Office14\1033\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jre7\lib\fonts\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe File created C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\#FOX_README#.rtf 91d07adbf35edb6bb96e7b210f17b9b868ed858802727d6f69c1e5a2d37a9c53.exe HTTP URL 3 http://fredstat.000webhostapp.com/addrecord.php?apikey=fox_api_key&compuser=QSKGHMYQ|Admin&sid=cW4uZ1UxgUCSPDH2&phase=START