Overview

overview

8

Static

static

1

LogonFuck.exe

windows7-x64

8

LogonFuck.exe

windows10-2004-x64

8

LogonFuck.exe

android-9-x86

LogonFuck.exe

android-10-x64

LogonFuck.exe

android-11-x64

LogonFuck.exe

macos-10.15-amd64

6

LogonFuck.exe

ubuntu-18.04-amd64

LogonFuck.exe

debian-9-armhf

LogonFuck.exe

debian-9-mips

LogonFuck.exe

debian-9-mipsel

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LogonFuck.exe

  • Size

    8.1MB

  • Sample

    230326-s7whwsba41

  • MD5

    7ee3aeb93b0fa8dc34893e8b3c0f5510

  • SHA1

    faedf76ced4d16de8832d084be985ed8b32cf20d

  • SHA256

    78a7a05316929dddcba6788429eeec08b5428590b89b8d272bd79471f0b6a4d8

  • SHA512

    fba2326c80a69841fa9c97198aa69b0b019fffa591a5f7bd8b38da99f8eb8baa0662c8a4dc751ec38dc7892097175f3b760a7d7e1116aaeeb4b2ffe04b821d29

  • SSDEEP

    196608:WIAlVbD80eclAADocTlPP6H442TXmN1baBwPWQySi6dFNq:FaD80ecaAsqVjlXm7bR+Q95d

Score
8/10
androiddiscoveryevasionlinuxmacos

Malware Config

Targets

    • Target

      LogonFuck.exe

    • Size

      8.1MB

    • MD5

      7ee3aeb93b0fa8dc34893e8b3c0f5510

    • SHA1

      faedf76ced4d16de8832d084be985ed8b32cf20d

    • SHA256

      78a7a05316929dddcba6788429eeec08b5428590b89b8d272bd79471f0b6a4d8

    • SHA512

      fba2326c80a69841fa9c97198aa69b0b019fffa591a5f7bd8b38da99f8eb8baa0662c8a4dc751ec38dc7892097175f3b760a7d7e1116aaeeb4b2ffe04b821d29

    • SSDEEP

      196608:WIAlVbD80eclAADocTlPP6H442TXmN1baBwPWQySi6dFNq:FaD80ecaAsqVjlXm7bR+Q95d

    Score
    8/10
    discoveryevasion

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1behavioral10behavioral2behavioral3behavioral4behavioral5behavioral6behavioral7behavioral8behavioral9

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks