bluefox | 50a20d968ac12ec915b3d12d57feea7c8ce1cbc5e0ec79c678fe2194edd34d21 | Triage

Submit
Reports

Overview

overview

Static

static

7

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

8951741821.zip
Size

3.1MB
Sample

230202-zrezjaah3x
MD5

4cae3633db9a2b6ff09d77e77d2d0cef
SHA1

cbacfc9826589b679f72ee6476feb71cc2501cfb
SHA256

50a20d968ac12ec915b3d12d57feea7c8ce1cbc5e0ec79c678fe2194edd34d21
SHA512

bfc20a284b37ad463ad1150d20429c54ce7ab8ee53ea3ffd2c18c61c4433430f8fa92a56328ef091565f3e9541a17e165b9702bfc849039c0bd061dfe521dedf
SSDEEP

98304:R0NPN+muqTLKKV8tSTDHV9JpYLrZXsZ4Dca:4V92u9TDHVp+Zb1

Score

10^/10

bluefox evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20220812-en

bluefox evasion stealer themida trojan

windows7-x64

9 signatures

1200 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20220901-en

bluefox evasion stealer themida trojan

windows10-2004-x64

8 signatures

1200 seconds

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  376.3MB
- MD5
  
  38eb2b2611ed105e0a1bb9e331abb038
- SHA1
  
  fa05ff8ecca6a42e15e1218c423316a7cad3674a
- SHA256
  
  08e4f43424b6845ea482ac01d1094d883a1d18b631669a4d9627c77dbf7acf76
- SHA512
  
  e33128a3f516c6dc903850090b546f764182a46f38563faf57029e861ae165ce45ca713c99d26a16d6cc1e3ae0d6e7c3e2c990d3b7f2a393d12243b72aa7a3a8
- SSDEEP
  
  49152:XToqRjktHN+cEUoqJCCudWoCoRXb2YP4Fu7iHeCNVrMqaXsd4AC:jTRAB7Ci5OXb2YP4Fu7+eCNVwqxd4AC
Score

10^/10

bluefox evasion stealer themida trojan
- BlueFox
  BlueFox is an infostealer written in C# and first seen in December 2021.
  stealer bluefox
- BlueFox Stealer payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bluefoxevasionstealerthemidatrojan

behavioral2

bluefoxevasionstealerthemidatrojan

© 2018-2024

Terms | Privacy