7c0f72bad64237b4b2749840811299838e0062bd1551182ac82cae17a7e555bf

Sharing

Copy URL

Twitter E-mail

General

Target

cd7490b15757f3b38cd07fb329d7aa81
Size

15.7MB
Sample

231222-r8e2vsdfdn
MD5

cd7490b15757f3b38cd07fb329d7aa81
SHA1

7286fe492fe7ce9f8f4e315f7fb550428c0f50ca
SHA256

7c0f72bad64237b4b2749840811299838e0062bd1551182ac82cae17a7e555bf
SHA512

a8b42ef7062f8abe07976b87dc7ee70d6c7964254fd9863d9d045be83e0c0b02c02560a5ac8a0fb1fe75e6df961193d84b2ae42ef7bdad7bddc607a49d917b9a
SSDEEP

393216:o8MuTebBSAVo/tflau/0vq3ARCQ91cl4Yb4JqQ6wD2:OLXo/tfvcvq499JqVwS

Score

9^/10

evasion upx

Malware Config

Targets

- Target
  
  How to install REFOX on Mac.docx
- Size
  
  1.3MB
- MD5
  
  f5d1134ce9eb7318b73cb6447dd68ac6
- SHA1
  
  46c9a8ee647d78b683bda7b2433dcd29a5cdca8d
- SHA256
  
  d62bb3ee73647e01c2f9fe390c3e7d258968bf225e8958aec7542dd2494547de
- SHA512
  
  ef3a9b21672458de3a3a53bcf80569fab10a36230db417b084d9fe19e482d9556c22549acfe115eec78ca9ace592b07f0748fd226dba4cf97e4e84d407cc4155
- SSDEEP
  
  24576:MYD05kiqG2CW7tpsRQnNGnAvwsnYteM944FJDIj38W506lqg1n+D5KgKDIW4GD:MYYzqG2CW73GQnN4AvwltPzDIr8X6Rr5
Score

4^/10
behavioral1 behavioral2
- Target
  
  refox/UpdateInfo.exe
- Size
  
  1.7MB
- MD5
  
  435dcf227c315d7b92e91a3d6e2fd11f
- SHA1
  
  a4f3a36571f8d92816dac3a4cb0f273e7dffc53d
- SHA256
  
  f00281f399a1bca6af998e51d108f8040f0fe0d671d0f55ddd4c8499174d6a96
- SHA512
  
  f21f59e74a25c6e4ef5c4cef1200390596a0d752986c543ebfaccef993394d342b023846e7403979651d77da719cc27a4564f3e14f92863b7b7e306e4dcd8d70
- SSDEEP
  
  49152:WQIx45vvRZHH8hUXGnsrkMPP9UQVw0HEAjNSi:WQIA3RdH8hOTL9UQVw0HEAB5
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  refox/file/7z.dll
- Size
  
  816KB
- MD5
  
  cc3fd265f4242d63f804f0775c085780
- SHA1
  
  49a147bb837d62d6b24ac7c3a87bf7f8347c4cfe
- SHA256
  
  c804038fe508f3733ba5eca8d9cf8af04e7ac069dccdddabb784843daf364f21
- SHA512
  
  c226b4771db940f48b582fea7cff656f580f52ac3fe6556221badc57279c22d297bd00a724965f591d63b27e8be77fbf6efd6a9e6703ecaef8d928c9d630230c
- SSDEEP
  
  12288:qBFNZRpX2rshULlswacklsJE77SqilxbX8Kdf0OAHDOORdxQvCru/wV+CM:aFbvGshULKqu7VObXb6OAHDOOvruc+CM
Score

1^/10
behavioral5 behavioral6
- Target
  
  refox/file/Screen.exe
- Size
  
  88KB
- MD5
  
  cd4b533799b08a619a00decace42e1f1
- SHA1
  
  da06a4776f94a6ffeb7d1566a7f9a803cd0d73ce
- SHA256
  
  858234c2fea059d556f476a34fe0dc53b1211c5ffc34f35ac66e625f44b284a7
- SHA512
  
  c7d1905985e78cc1900d7a9b9dcbb83a7c6cb370f09fc63307c3379d328c68b07240dffb64def651bff4dcdc4f402089dfa99aa5860af70dbffc504ae982495a
- SSDEEP
  
  1536:6tH8po95NceuNpupWXYZEeKJC2QNHLy3gK0zwlbAJZM5L4Zgl5nKorjf:6tcu95NANpBEEZJFQNHLrjwhGK5Lkgqs
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  refox/file/curl.exe
- Size
  
  2.5MB
- MD5
  
  bc487f4730e2131be1028fb409d6cf1f
- SHA1
  
  fecee1b995f47b0d9c0403c46916c68e4829fe28
- SHA256
  
  676aaf646053ab6123f390632c441a6a50128e7575952ed10bb0f384c910a66c
- SHA512
  
  f530ef3f8730cca9996d2325fb2776e85de7b8674ec2bc07d2ec1dce97d38f8ea559f6b3104b2a575fcb2453ae80adab362aeedb2dabf7ab1feb1326d95c21b6
- SSDEEP
  
  49152:ZPPxzOJfRY4tLckRXaP3pUvuzzmiuJZ7Ois9nD5hTfxYJqzYXM30/0iT5Fqduj:ZnSfRYcLzRKP3pUvuzzmiuJZ7hs9nD5E
Score

1^/10
behavioral10 behavioral9
- Target
  
  refox/file/idevice_core.dll
- Size
  
  676KB
- MD5
  
  b439c2699a5ccf1dd0d63287f10c671e
- SHA1
  
  89c987d9238359bc888c3cf567d6e0d8de006d0d
- SHA256
  
  9d84f56195410369328173d6e0d7e138115648413dffd4a8899a1257af9af431
- SHA512
  
  7231d9b476c1e514749c1988f956be875f144a147cfe0e8201dc29aed56eccb054ce6afe86ed0549c87ac16e487318236d824429b2f82847ee018755c241d6d0
- SSDEEP
  
  12288:A2b11QhvmikfZU53PUg0P/tJMHZomTGn1clKeTXbDrkx+nIW7LI6MXXP:Shhl50PCzq+nIW7s6MXXP
Score

3^/10
behavioral11 behavioral12
- Target
  
  refox/file/idevice_distribute.dll
- Size
  
  442KB
- MD5
  
  dbcadf24d4edccedfe86f10aac1dc189
- SHA1
  
  d50453091006ff25844d2dd0c686f89d6e415e0a
- SHA256
  
  7324381ced2c9822689f7070dc7a0037402857ba21e36d4978e4e3df4435a648
- SHA512
  
  140a26339b0e554f9796131a33cb1ef4a0732ed51edcbed3ce51853b1d1459567bad8b6646982119073b0bdd9b5e583a79bfcc508bc9600711918324d1eb3026
- SSDEEP
  
  12288:htHmImEFwKKSCvuRKaiY9z8/5fP/dkyAm0YsPZPh:ht8aiY8/53/Se0jPZZ
Score

1^/10
behavioral13 behavioral14
- Target
  
  refox/file/idevice_sslog.dll
- Size
  
  339KB
- MD5
  
  91cc4576170f4462f8a2c7c217055435
- SHA1
  
  fef7af4c969734d45da3921a32836092b575aa0f
- SHA256
  
  e1a18316219ac16f7735b621906c7d6a7f2fd9d5abd878fce12394faca5a5e30
- SHA512
  
  9f3eae4a22e2b3dc2679a464c092337635c94132ecb0aa4c4b8da02a961181bf82d35e8960934f7068528117e27dc30516b5282b0d164b79ad6e7a3c7a74f97b
- SSDEEP
  
  6144:Gs86IkCs0e+N1N5pwNVivNp2Kwi5k9TB11rZWf5+HV9:h86hVG1N2ivv2KwiC9Tv1rZLj
Score

3^/10
behavioral15 behavioral16
- Target
  
  refox/file/idevice_support.dll
- Size
  
  225KB
- MD5
  
  eaeedeb6db59f2dab4d5ebe30d446a46
- SHA1
  
  57568d6d580e8d88debea6328be5532293f5d618
- SHA256
  
  d68664d5ea2de3db5db1e3fc687f62dc8a0fd6850a2d0ff905b23adc6abc8ff3
- SHA512
  
  58bc09c49a5e6c42ff5763160aaef0c9208b484e48e31aea61a4c6c7058d9a061d7326cd9a4ba67c080a2306cc45591718b1c63618409c4019437b75c81f362e
- SSDEEP
  
  6144:H0hRMY5Y15qUbc3qbrcEkcwpPrIsN+nMa:eMY565whIsNwMa
Score

1^/10
behavioral17 behavioral18
- Target
  
  refox/file/ihelpercore.dll
- Size
  
  832KB
- MD5
  
  d23e6ff43ea670913ca829b1e289785e
- SHA1
  
  6839eed40fbbb49d1e3b8e65f7723a75fd44f885
- SHA256
  
  1f0cc96f08d90bf760b019f3631d5ef70019838c351b2f4f3573ec7ddd50fe06
- SHA512
  
  3be86e18d25999b97369dcf8482fce15cbdcfbb2cb308efa2db6b84045eb9a29faca797f2bf72f537f266d6dd6d023ec544ae4430342662d247047db908d7eb4
- SSDEEP
  
  24576:8wTWE28tBTBP/JRsCSObwZpX0TGtvA02OGHxOqdWa:1tZBP/JRrSObCp0TIA02OGHxOIWa
Score

1^/10
behavioral19 behavioral20
- Target
  
  refox/file/libxml2.dll
- Size
  
  1.4MB
- MD5
  
  cea056b5576621153af0887636e92934
- SHA1
  
  c4611a18ce995b84e0ffa618a3829cf4cd192117
- SHA256
  
  b1b3ad9622f5e59adaa883c248d7310d020f37eeb7f859fbc8699508266f9387
- SHA512
  
  a25ec56830a7743c06bef14767d4f9d4449cae0731d5e1babad76e674b6925688ebcf20aea7ed4879b8181de0f0db7fd30ac11c5c109e8770dbc77fa26b35f51
- SSDEEP
  
  24576:7ylsEVM3LO+bs4ofwTW+y0ywaJfVQf0llKuuGavkg3NyZHbbT+4IBAUZLYq:ux+9pauKlKuuGaXKy4IBAUZLYq
Score

3^/10
behavioral21 behavioral22
- Target
  
  refox/file/pointofix.exe
- Size
  
  2.9MB
- MD5
  
  9d03a14cb884d0e35a358c801f7fe5d6
- SHA1
  
  e998abd9ad03acf6344876a28fc4ff07a2d7f787
- SHA256
  
  3de5571517646952cdb843c8529531d5a56514a96149609a61a5aa6b91f4f4c3
- SHA512
  
  3e5d952325b2e798fb3a5c9af5ea89b038393b56d9dd869983c7514dce5a264fedca95c7e3fd60859bbda5f2ea42cc6f2f37f467cb03e15be2ba024f26ff40a1
- SSDEEP
  
  49152:ErdzCMQKSzbQSFWvX4iyLHrlQrRTNjdpIt:CtCMfBXOlQr7dpu
Score

1^/10
behavioral23 behavioral24
- Target
  
  refox/file/pp5oinstaller.exe
- Size
  
  621KB
- MD5
  
  b5f75550d37367020440949c0ada7bda
- SHA1
  
  bbae77fdc525024b768b1687d85d01abad94ec1f
- SHA256
  
  9cc2a58fede284745dac4cf5fff4889ec3720fd5009236c31031784683b398a8
- SHA512
  
  d727f2c05ff34e2dc8c60b6c33fb5a25fbe8a15f7fa0f8c2408f1357e2c0dc30bf2f23592888d1ff460f0eb7aa0eb6d5e29a9baa37fa3bf49ce9405640375ba9
- SSDEEP
  
  12288:TtuSSInn1RY/8Y46jIHqoZIKBHsFgmtFs:YS3n1a/GPLWKBHD
Score

7^/10
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  refox/libcurl.dll
- Size
  
  385KB
- MD5
  
  8f301456b1b5cc706ab04d63b94c469c
- SHA1
  
  175703a748fc6cfb3392e6685207dc610cc1816e
- SHA256
  
  0abd30f74906c421691bd56437278aee25f6b1d89fc73cb4fa112b0207712c24
- SHA512
  
  89af1b61649870e3842b6f9377ff93b1eb1d6e558e8f2950f1d0c880be04a0a4e26c4800c55ef89c8039195add88f5b27e614c71aaf121c9068c390c0b6667ac
- SSDEEP
  
  12288:jM58LLOqV9MCD/m5w42FbPaChrM8BjGw2qNM5BUgAE+Q+vYL:g5Ua+rFjG2NM5utDh+
Score

3^/10
behavioral27 behavioral28
- Target
  
  refox/libeay32.dll
- Size
  
  1.3MB
- MD5
  
  04d2df70b1427d4feb14d87b500bed14
- SHA1
  
  23d7944a0393d127ec2f33ec9f4bbfcf63cb8616
- SHA256
  
  f87e0d2a87c77925b0b42eabb9aa51bd1b07c29b89281ca29e1b47d174bcd1f7
- SHA512
  
  bf92e01dee43a15d4a7560de496dadee98049bc1c6d13190f4147b6d876017350f80c8281b97da6c8c23e329e40541e2eb0b4ca01821389cb58f698061319186
- SSDEEP
  
  24576:gexkqJNJKNKbmhvZ2eHAKfFmu4potqqNMxYN7N:j5JNJKNKbuvF9dF4poAq2x87N
Score

1^/10
behavioral29 behavioral30
- Target
  
  refox/lrBrowser.exe
- Size
  
  104KB
- MD5
  
  5da765cedf4b2b1d0cb8d32ce49b8b50
- SHA1
  
  868edbbc940dd97c20f569d5d23ab367fa7b0115
- SHA256
  
  c6f2fd97358ce0f0c0c9e9e46b7503c2640a4d3384313c73e79d7230ff4b7e12
- SHA512
  
  96ae4335b920cda289f8603d94e23d1c34942abc2bf5892827441d6c220fd62794fa423c9c5e70628c1f721005b0de58245c7c93f97a2da349f9f1759b7abde7
- SSDEEP
  
  3072:yboOUHbXtF/pstBaDqwONnct437Bl3N2UTboeN:nOUHbdF/p/uwONct43j92UwI
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Identifies Wine through registry keys

Suspicious use of NtSetInformationThreadHideFromDebugger

UPX packed file

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32