General
Target: LogonFuck.exe
Size: 9.4MB
Sample: 220706-fbrhvaagg5
MD5: 0a2b300c470403d18d20e3165e8d65b3
SHA1: 8c11a3169e87c5d2299367efb2560100c44ddacb
SHA256: ed14a4d2759d943ecf24e78779da1211a9ba7a143b25f30fced6f58705a15635
SHA512: 0a718f62cb3b4f3b656b7f831298e555c136c053ae0ffe697a7b60836c14411cead48f74aa5eb115aea09aedf5b23dfe353742bade5eb872144c5b54fc278d1b
Static task: static1
Behavioral task: behavioral1
Sample: LogonFuck.exe
Resource: win10v2004-20220414-en
Behavioral task: behavioral2
Sample: LogonFuck.exe
Resource: win11-20220223-en
Malware Config
Targets
Target: LogonFuck.exe
Score: 8/10
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Modifies file permissions
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory