Overview
Score per task (out of 10):
- overview: 8
- static: 7
- FC 24 Free...ok.exe (windows7-x64): 8
- FC 24 Free...ok.exe (windows10-2004-x64): 8
- FC 24 Free...64.dll (windows7-x64): 1
- FC 24 Free...64.dll (windows10-2004-x64): 1
- FC 24 Free...du.exe (windows7-x64): 1
- FC 24 Free...du.exe (windows10-2004-x64): 1
- FC 24 Free...xx.sys (windows7-x64): 7
- FC 24 Free...xx.sys (windows10-2004-x64): 7

General
Target: FC_24_Free_Trainer_by_pXilok.zip
Size: 7.4MB
Sample: 231224-flj7hsaeg6
MD5: e3b7c6697bd1d516df0340dec74117c4
SHA1: e15ea611533f6de94d7e847b36b8003b0fa3d3ea
SHA256: b9d985882db502a140c56de16921e3a5a4c0e9165a6c0251c938fa9cd2af12a7
SHA512: 7934ee7b7211c9270116a64aa4937f2218f5159721eb983f6cd7000dadc637a02491f08e11d3ff2adf0ff8146c7734b93e6f591345a7e2dae4c0479f4088262b
SSDEEP: 196608:xX/kQ7Nk6/1IyQDP4/UeTMKv3jmcP3OG25sN8FyOJqM:xX//K6GzPBKv36cmG25dgOH

Behavioral task: behavioral1
Sample: FC 24 Free Trainer by pXilok/FC 24 Free Trainer by pXilok.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: FC 24 Free Trainer by pXilok/FC 24 Free Trainer by pXilok.exe
Resource: win10v2004-20231215-en

Behavioral task: behavioral3
Sample: FC 24 Free Trainer by pXilok/drv64.dll
Resource: win7-20231215-en

Behavioral task: behavioral4
Sample: FC 24 Free Trainer by pXilok/drv64.dll
Resource: win10v2004-20231215-en

Behavioral task: behavioral5
Sample: FC 24 Free Trainer by pXilok/kdu.exe
Resource: win7-20231215-en

Behavioral task: behavioral6
Sample: FC 24 Free Trainer by pXilok/kdu.exe
Resource: win10v2004-20231215-en

Behavioral task: behavioral7
Sample: FC 24 Free Trainer by pXilok/rxx.sys
Resource: win7-20231129-en

Behavioral task: behavioral8
Sample: FC 24 Free Trainer by pXilok/rxx.sys
Resource: win10v2004-20231215-en

Malware Config
Targets
Target: FC 24 Free Trainer by pXilok/FC 24 Free Trainer by pXilok.exe
Size: 3.5MB
MD5: 9e73d93f7cd754475421a5a3f3971c29
SHA1: 28c9790eb8f76797b9f079350d8ccd8677b32bd6
SHA256: e6f479b5d250e9156f0ec0ca04528e7fc1d83fa1d647761a8c8564af67b04502
SHA512: 140b5ab899c0139df31a327a7f348b7016198edc080b97902701ad293df81990ba195791e46a91d0dc7ba5b156296d00aad03e40774cef155891cc3baa73f887
SSDEEP: 49152:btEt9bhEl4TMG+uAylWO1HXWy9diNofhmzyjBY/JAHYCKV2gnFGW6:xEt9dEwMdMlLXBsOfoWjM/1V2
Score: 8/10
- Creates new service(s)
- Sets service image path in registry
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: FC 24 Free Trainer by pXilok/drv64.dll
Size: 900KB
MD5: 7b572cee016388844223af1ae0d07f65
SHA1: 83f9712f44ba0b993153dcabb8ce0126a747516d
SHA256: 36d63d58cff70086635e32c76057b217a7cb8d4b98ef8b849b7b4608651058e8
SHA512: dc7b83db0064cc9351e66f826ebe32735a9d2d4f6ecc111c9214b4d03ac3ca5658bd965ad1a692d59b5bdf04a4cc1d3c0447bf6d836f01069d064419761b27ee
SSDEEP: 12288:whs7/OOByldUrD6HKIB5AkK1WWIWo4J4b4zD3PRyhvIaqcMuceZDrnPtkS2yo2ws:X7//MOPdRRIWZJdX3pyhgPcNJPtk7
Score: 1/10

Target: FC 24 Free Trainer by pXilok/kdu.exe
Size: 320KB
MD5: 09014fa8df011d7a05e2d349080e4385
SHA1: 75e24ffba5f23eea524c6f21c8c79532c375280e
SHA256: 2f5b391b0742b6305bc5355127249e48410ea96870265d22fdbe544cf9c455f8
SHA512: 125b9c95364f6f365d5e9ac09112c69ef80c3ea3f01d4e6c8e028bc43c7234b94a764ed44b4b4d06698206545aa26f6a293405343d2c29f05b97f973a35b788a
SSDEEP: 6144:FdvMf+R1GH1EBJdACxBj3XvNUKZNVnZ92fk2:K01GH2TrDpL0
Score: 1/10

Target: FC 24 Free Trainer by pXilok/rxx.sys
Size: 3.5MB
MD5: f95708e3a2ba8b78393f368e792f11e2
SHA1: 62d68659b2ffa6733f4ee650a4e6867dcc911e90
SHA256: 1c0d121d0cf1bf32b7521dd4ca197ead0973fd328fa19524564e60d02ad5f650
SHA512: 1e127caef40ec471104c94b2610a89b9ff32bdc2975dc2ce1792d97bc3911ec68f84b4520bb41d6fe8b9ccb4c9608c1d0a14b40dc043672b6885fa500538127d
SSDEEP: 49152:IKuId15Xg9TSfoD385sUNYN4p3mFv3pO4FfeglqpBgdWRGQCA9rM842K/jiwiJSm:IKly9KG3vhFvI6GbB0iGQLmDj0W2Ctut
Score: 7/10

MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
  - Windows Service: 1