Resubmissions

02/06/2023, 20:13: 230602-yzn2qseg4s (score 10)

General

  • Target

    FearlessLauncher.exe

  • Size

    71KB

  • Sample

    230602-yzn2qseg4s

  • MD5

    921b80699829ba456a35ff4a4cc16861

  • SHA1

    f01420e7dd677d50763c8344d33549076734682a

  • SHA256

    a94809a32eb1cee1f9490410fe9592790fe00802c620b1b881fb0c8815b1efba

  • SHA512

    a8d2650a9f7290ddaff5c0b1a842cfd4f473f91f23fc8d7f07294c528eb98cca63a48a5f5552c4bf33465f59b9f74fbc3c9d783064e927e8974ca316893c2bf1

  • SSDEEP

    384:A67eCgMkHDsar3lL9O65uJor+1kKQmQhVXZzyM9MpPYAhk5:AFla6/wmhrV2pL

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    ps1.dropper

  • URLs

    https://rentry.org/nipkv/raw

Targets

    • Target

      FearlessLauncher.exe
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
