General

  • Target

    FraudFox UserTools v2.15.exe

  • Size

    890KB

  • Sample

    230506-nn32eabc3x

  • MD5

    1a4e6225d894d592234dac16960f2ce3

  • SHA1

    cb74983fc735e060c56147e817823648edbcc8dd

  • SHA256

    bc85cbd112420d2c5bb605f5fd1d610689c3ca3bf2b9c732d6d199fc9d42e86d

  • SHA512

    c82835ce73b4cd3d93d9518f37925165d9aa14d14767b2277b7cf7585663ce91078efd9bba2595b0dda4a59e75bb2e7c99071725c0d2b30059497d3f758de8da

  • SSDEEP

    12288:HGYiqiKfZhTU94rz2hucGmN+wbs+1Ge8l9RZ8d5gxZM:zBZFUurzIQKX14r49

Score
10/10

Malware Config

Targets

    • Target

      FraudFox UserTools v2.15.exe

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks