Resubmissions

24/12/2023, 05:02  231224-fplvhsgbcj (score 8/10)

24/12/2023, 04:57  231224-flj7hsaeg6 (score 8/10)

General

  • Target

    FC_24_Free_Trainer_by_pXilok.zip

  • Size

    7.4MB

  • Sample

    231224-fplvhsgbcj

  • MD5

    e3b7c6697bd1d516df0340dec74117c4

  • SHA1

    e15ea611533f6de94d7e847b36b8003b0fa3d3ea

  • SHA256

    b9d985882db502a140c56de16921e3a5a4c0e9165a6c0251c938fa9cd2af12a7

  • SHA512

    7934ee7b7211c9270116a64aa4937f2218f5159721eb983f6cd7000dadc637a02491f08e11d3ff2adf0ff8146c7734b93e6f591345a7e2dae4c0479f4088262b

  • SSDEEP

    196608:xX/kQ7Nk6/1IyQDP4/UeTMKv3jmcP3OG25sN8FyOJqM:xX//K6GzPBKv36cmG25dgOH
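
The first thing an analyst does with a report like this is confirm that the archive on their own disk is the same object the sandbox analysed, and check which members match before anything is unpacked. The script below is an added example, not part of the sandbox report or of the analysed sample: it hashes the outer archive and each member in memory and looks them up in the SHA256 table copied from this page. The archive built by build_sample_zip() is constructed with placeholder contents, so its hashes will not match; point triage_zip() at the real file bytes to get a real answer.

```python
"""Verify a downloaded archive and its members against the SHA256 values in the
report above.  The IOC table is copied from the report; the sample archive built
by build_sample_zip() is constructed here, so its hashes will not match."""
import hashlib
import io
import zipfile

# SHA256 of the outer archive, from the "General" section of the report.
ARCHIVE_SHA256 = "b9d985882db502a140c56de16921e3a5a4c0e9165a6c0251c938fa9cd2af12a7"

# SHA256 of each archive member, from the "Targets" section of the report.
IOC_SHA256 = {
    "e6f479b5d250e9156f0ec0ca04528e7fc1d83fa1d647761a8c8564af67b04502": "FC 24 Free Trainer by pXilok.exe",
    "36d63d58cff70086635e32c76057b217a7cb8d4b98ef8b849b7b4608651058e8": "drv64.dll",
    "2f5b391b0742b6305bc5355127249e48410ea96870265d22fdbe544cf9c455f8": "kdu.exe",
    "1c0d121d0cf1bf32b7521dd4ca197ead0973fd328fa19524564e60d02ad5f650": "rxx.sys",
}

# A "game trainer" archive has no business shipping a kernel driver (.sys).
EXECUTABLE_EXT = (".exe", ".dll", ".sys")


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage_zip(zip_bytes: bytes, iocs=IOC_SHA256, archive_sha256=ARCHIVE_SHA256) -> dict:
    """Hash the archive and every member in memory and match them against the IOC table.

    Nothing is extracted to disk, so a matching sample is never dropped onto the
    analyst's workstation as a side effect of checking it.
    """
    archive_digest = sha256_bytes(zip_bytes)
    result = {
        "archive_sha256": archive_digest,
        "archive_ioc_match": archive_digest == archive_sha256,
        "members": {},
    }
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            digest = sha256_bytes(data)
            result["members"][info.filename] = {
                "sha256": digest,
                "size": len(data),
                "ioc_match": iocs.get(digest),  # report name, or None if unknown
                "executable": info.filename.lower().endswith(EXECUTABLE_EXT),
            }
    return result


def build_sample_zip() -> bytes:
    """Constructed archive with the same member layout as the report (placeholder contents)."""
    folder = "FC 24 Free Trainer by pXilok/"
    members = {
        "FC 24 Free Trainer by pXilok.exe": b"MZ placeholder trainer",
        "drv64.dll": b"MZ placeholder dll",
        "kdu.exe": b"MZ placeholder loader",
        "rxx.sys": b"MZ placeholder driver",
        "readme.txt": b"constructed text file",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(folder + name, data)
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_zip(build_sample_zip())
    print("archive matches report:", report["archive_ioc_match"])
    for name, m in report["members"].items():
        flag = m["ioc_match"] or ("executable" if m["executable"] else "")
        print(f"{m['sha256']}  {m['size']:>6}  {name}  {flag}")
```

A member that hashes to a known IOC is a confirmed match; a member that does not match but carries a .sys or .exe extension still deserves a look, since a repacked variant changes every hash in the table while keeping the same layout.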

Malware Config

Targets

    • Target

      FC_24_Free_Trainer_by_pXilok.zip

    • Size

      7.4MB

    • MD5

      e3b7c6697bd1d516df0340dec74117c4

    • SHA1

      e15ea611533f6de94d7e847b36b8003b0fa3d3ea

    • SHA256

      b9d985882db502a140c56de16921e3a5a4c0e9165a6c0251c938fa9cd2af12a7

    • SHA512

      7934ee7b7211c9270116a64aa4937f2218f5159721eb983f6cd7000dadc637a02491f08e11d3ff2adf0ff8146c7734b93e6f591345a7e2dae4c0479f4088262b

    • SSDEEP

      196608:xX/kQ7Nk6/1IyQDP4/UeTMKv3jmcP3OG25sN8FyOJqM:xX//K6GzPBKv36cmG25dgOH

    Score
    1/10
    • Target

      FC 24 Free Trainer by pXilok/FC 24 Free Trainer by pXilok.exe

    • Size

      3.5MB

    • MD5

      9e73d93f7cd754475421a5a3f3971c29

    • SHA1

      28c9790eb8f76797b9f079350d8ccd8677b32bd6

    • SHA256

      e6f479b5d250e9156f0ec0ca04528e7fc1d83fa1d647761a8c8564af67b04502

    • SHA512

      140b5ab899c0139df31a327a7f348b7016198edc080b97902701ad293df81990ba195791e46a91d0dc7ba5b156296d00aad03e40774cef155891cc3baa73f887

    • SSDEEP

      49152:btEt9bhEl4TMG+uAylWO1HXWy9diNofhmzyjBY/JAHYCKV2gnFGW6:xEt9dEwMdMlLXBsOfoWjM/1V2

    Score
    8/10
    • Creates new service(s)

    • Sets service image path in registry

      Writes the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<name>, which is where the service control manager reads the binary to start (for a kernel driver, the .sys to load).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution (run or abstain depending on the victim's locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops an attached debugger from receiving events for that thread; a common anti-analysis technique.

    • Target

      FC 24 Free Trainer by pXilok/drv64.dll

    • Size

      900KB

    • MD5

      7b572cee016388844223af1ae0d07f65

    • SHA1

      83f9712f44ba0b993153dcabb8ce0126a747516d

    • SHA256

      36d63d58cff70086635e32c76057b217a7cb8d4b98ef8b849b7b4608651058e8

    • SHA512

      dc7b83db0064cc9351e66f826ebe32735a9d2d4f6ecc111c9214b4d03ac3ca5658bd965ad1a692d59b5bdf04a4cc1d3c0447bf6d836f01069d064419761b27ee

    • SSDEEP

      12288:whs7/OOByldUrD6HKIB5AkK1WWIWo4J4b4zD3PRyhvIaqcMuceZDrnPtkS2yo2ws:X7//MOPdRRIWZJdX3pyhgPcNJPtk7

    Score
    1/10
    • Target

      FC 24 Free Trainer by pXilok/kdu.exe

    • Size

      320KB

    • MD5

      09014fa8df011d7a05e2d349080e4385

    • SHA1

      75e24ffba5f23eea524c6f21c8c79532c375280e

    • SHA256

      2f5b391b0742b6305bc5355127249e48410ea96870265d22fdbe544cf9c455f8

    • SHA512

      125b9c95364f6f365d5e9ac09112c69ef80c3ea3f01d4e6c8e028bc43c7234b94a764ed44b4b4d06698206545aa26f6a293405343d2c29f05b97f973a35b788a

    • SSDEEP

      6144:FdvMf+R1GH1EBJdACxBj3XvNUKZNVnZ92fk2:K01GH2TrDpL0

    Score
    1/10
    • Target

      FC 24 Free Trainer by pXilok/rxx.sys

    • Size

      3.5MB

    • MD5

      f95708e3a2ba8b78393f368e792f11e2

    • SHA1

      62d68659b2ffa6733f4ee650a4e6867dcc911e90

    • SHA256

      1c0d121d0cf1bf32b7521dd4ca197ead0973fd328fa19524564e60d02ad5f650

    • SHA512

      1e127caef40ec471104c94b2610a89b9ff32bdc2975dc2ce1792d97bc3911ec68f84b4520bb41d6fe8b9ccb4c9608c1d0a14b40dc043672b6885fa500538127d

    • SSDEEP

      49152:IKuId15Xg9TSfoD385sUNYN4p3mFv3pO4FfeglqpBgdWRGQCA9rM842K/jiwiJSm:IKly9KG3vhFvI6GbB0iGQLmDj0W2Ctut

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with the commercial VMProtect packer. Packing is not malicious in itself, but a VMProtect-packed kernel driver shipped inside a free game trainer is a strong signal that the author wants to hinder static analysis.
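
The "VMProtect packed file" signature above names the outcome, not the check. The script below is an added example, not the sandbox's own rule and not code from the analysed sample: it parses the PE section table (a .sys driver is a PE image like an .exe or .dll) and reports two indicators, the .vmp0/.vmp1/.vmp2 section names VMProtect emits by default and sections whose byte entropy is close to 8 bits per byte. The PE images it inspects are constructed in memory by build_pe(); no bytes from the report's files are embedded. Caveat: VMProtect lets the author rename sections, so an absent .vmp name does not clear a file, and high entropy alone also fits compressed resources or any other packer.

```python
"""Heuristic check for VMProtect packing on a PE image (EXE, DLL or SYS): look for
the .vmp0/.vmp1/.vmp2 sections VMProtect adds by default and measure section
entropy.  The PEs built here are constructed in memory; no sample from the
report is embedded."""
import math
import struct

VMPROTECT_SECTION_PREFIX = ".vmp"   # default section naming; the packer can be told to rename
HIGH_ENTROPY = 7.0                   # bits per byte; compressed/encrypted data sits near 8.0

SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Return [(name, raw_bytes)] for every section in a PE image.

    Walks DOS header -> e_lfanew -> PE signature -> COFF header -> section table,
    skipping the optional header by its declared size so PE32 and PE32+ both work.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr, *_rest = SECTION_HEADER.unpack_from(
            data, table + i * SECTION_HEADER.size)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections


def vmprotect_indicators(data: bytes) -> dict:
    """Section-name and entropy indicators for a PE image."""
    sections = pe_sections(data)
    named = [n for n, _ in sections if n.lower().startswith(VMPROTECT_SECTION_PREFIX)]
    dense = [n for n, raw in sections if shannon_entropy(raw) >= HIGH_ENTROPY]
    return {
        "sections": [n for n, _ in sections],
        "vmp_sections": named,
        "high_entropy_sections": dense,
        "likely_vmprotect": bool(named),
    }


def build_pe(sections) -> bytes:
    """Constructed minimal PE32+ image: DOS stub, COFF header, zeroed optional
    header and a section table; only what pe_sections() needs is populated."""
    e_lfanew = 0x40
    size_of_optional = 0xF0                        # PE32+ optional header size
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, size_of_optional, 0x22)
    opt = bytearray(size_of_optional)
    struct.pack_into("<H", opt, 0, 0x20B)          # PE32+ magic
    hdr += opt
    table_size = SECTION_HEADER.size * len(sections)
    raw_ptr = (len(hdr) + table_size + 0x1FF) & ~0x1FF   # file alignment 0x200
    body = bytearray()
    va = 0x1000
    for name, raw in sections:
        hdr += SECTION_HEADER.pack(name.encode("ascii").ljust(8, b"\0"), len(raw), va,
                                   len(raw), raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw
        va += (len(raw) + 0xFFF) & ~0xFFF
    return bytes(hdr).ljust(raw_ptr, b"\0") + bytes(body)


def sample_packed() -> bytes:
    """Constructed image shaped like a VMProtect-packed binary: a near-empty .text
    plus .vmp0/.vmp1, the latter filled with maximum-entropy bytes."""
    return build_pe([
        (".text", b"\x90" * 0x200),
        (".vmp0", b"\x00" * 0x200),
        (".vmp1", bytes(range(256)) * 4),
    ])


def sample_clean() -> bytes:
    """Constructed unpacked-looking image with ordinary section names and low entropy."""
    return build_pe([(".text", b"\x90" * 0x200), (".rdata", b"constructed strings\0" * 16)])


if __name__ == "__main__":
    for label, image in (("packed", sample_packed()), ("clean", sample_clean())):
        print(label, vmprotect_indicators(image))
```

To run it against a real file, pass open(path, "rb").read() to vmprotect_indicators(); the parser only reads the headers and section raw data, so it is safe to use on a driver you would never load.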

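The trainer's "Creates new service(s)" and "Sets service image path in registry" behaviours leave a registry write under HKLM\SYSTEM\CurrentControlSet\Services that endpoint telemetry records (Sysmon Event ID 13, RegistryEvent value set; the Windows System log also records a new service as Event ID 7045). The detection below is an added example, not a rule from the sandbox or from any vendor: it flags any ImagePath write that points outside the Windows system directories and marks the finding as a kernel driver when the same service's Type value was set to SERVICE_KERNEL_DRIVER. The log records are constructed in a simple key=value|key=value form; the report does not say which service name or path the trainer used, so "rxx" and the Downloads path are placeholders, and parse_event() is the part to swap for your SIEM's parser.

```python
"""Detect a service or driver being registered with an image path outside the
Windows system directories (Sysmon Event ID 13 fields).  The log records below
are constructed; swap parse_event() for the SIEM's own parser."""
import re

# Directories a legitimately installed service or driver image normally lives under.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SERVICE_KERNEL_DRIVER = 0x1          # Services\<name>\Type value for a kernel driver

_IMAGEPATH_RE = re.compile(r"\\services\\([^\\]+)\\imagepath$", re.IGNORECASE)
_TYPE_RE = re.compile(r"\\services\\([^\\]+)\\type$", re.IGNORECASE)

# Constructed records.  The report does not say which service name or image path
# the trainer used; "rxx" and the Downloads path here are placeholders.
SAMPLE_LOG = r"""
EventID=13|Image=C:\Windows\System32\services.exe|TargetObject=HKLM\System\CurrentControlSet\Services\BITS\ImagePath|Details=%SystemRoot%\System32\svchost.exe -k netsvcs
EventID=13|Image=C:\Users\victim\Downloads\FC 24 Free Trainer by pXilok\FC 24 Free Trainer by pXilok.exe|TargetObject=HKLM\System\CurrentControlSet\Services\rxx\Type|Details=DWORD (0x00000001)
EventID=13|Image=C:\Users\victim\Downloads\FC 24 Free Trainer by pXilok\FC 24 Free Trainer by pXilok.exe|TargetObject=HKLM\System\CurrentControlSet\Services\rxx\ImagePath|Details=\??\C:\Users\victim\Downloads\FC 24 Free Trainer by pXilok\rxx.sys
EventID=13|Image=C:\Windows\explorer.exe|TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive|Details=C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"""


def parse_event(line: str) -> dict:
    """Parse one constructed 'key=value|key=value' record into a dict."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def normalise_image_path(details: str) -> str:
    """Lower-case the path, drop quoting/arguments and expand the NT-style prefixes
    the service control manager accepts, so TRUSTED_DIRS can be compared directly."""
    p = details.strip()
    if p.startswith('"'):
        p = p[1:].split('"', 1)[0]          # quoted path: drop the arguments
    low = p.lower()
    if low.startswith("\\??\\"):
        low = low[4:]
    if low.startswith("\\systemroot\\"):
        low = "c:\\windows\\" + low[len("\\systemroot\\"):]
    elif low.startswith("%systemroot%\\"):
        low = "c:\\windows\\" + low[len("%systemroot%\\"):]
    elif low.startswith("system32\\"):
        low = "c:\\windows\\" + low           # drivers are often registered relative to the Windows dir
    return low


def parse_dword(details: str):
    """Sysmon renders DWORD values as 'DWORD (0x00000001)'; return the integer or None."""
    m = re.search(r"0x([0-9a-f]+)", details, re.IGNORECASE)
    return int(m.group(1), 16) if m else None


def detect_service_image_paths(lines) -> list:
    """Return one finding per ImagePath write that points outside TRUSTED_DIRS."""
    events = [parse_event(l) for l in lines if l.strip()]
    events = [ev for ev in events if ev.get("EventID") == "13"]

    # First pass: which services had Type set to SERVICE_KERNEL_DRIVER.
    driver_services = set()
    for ev in events:
        m = _TYPE_RE.search(ev.get("TargetObject", ""))
        if m and parse_dword(ev.get("Details", "")) == SERVICE_KERNEL_DRIVER:
            driver_services.add(m.group(1).lower())

    # Second pass: ImagePath writes that leave the system directories.
    findings = []
    for ev in events:
        m = _IMAGEPATH_RE.search(ev.get("TargetObject", ""))
        if not m:
            continue
        service = m.group(1)
        path = normalise_image_path(ev.get("Details", ""))
        if path.startswith(TRUSTED_DIRS):
            continue
        findings.append({
            "service": service,
            "image_path": path,
            "writer": ev.get("Image", ""),
            "kernel_driver": service.lower() in driver_services,
        })
    return findings


def run_sample() -> list:
    return detect_service_image_paths(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for f in run_sample():
        kind = "kernel driver" if f["kernel_driver"] else "service"
        print(f"[!] {kind} {f['service']} -> {f['image_path']} (written by {f['writer']})")
```

A kernel driver registered from a user's Downloads folder by a freshly unpacked .exe is the highest-value hit here; a legitimate installer writes its driver under C:\Windows\System32\drivers, and services.exe, not the game trainer, is the process that normally populates these keys.
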
MITRE ATT&CK Enterprise v15

Tasks