Resubmissions

Date              Sample ID           Score
04-02-2024 09:11  240204-k5n22agcdl   10
04-02-2024 09:07  240204-k3s8zagcaq   10

General

  • Target

    FunPev.exe

  • Size

    2.8MB

  • Sample

    240204-k3s8zagcaq

  • MD5

    f8b3253892fbd1e56f2fc46b9b79166d

  • SHA1

    4834ed4980148055733af52834958d2884d27b2f

  • SHA256

    3581ec8316ebca52d075c8c97f22857f4eaa9e5c9ba3c4c08ec0ef57f8c610b2

  • SHA512

    6bdbbe764ebb264f052cfd43633f81dc02e22c4b14f0eec78450d56217475f983b5202ab79dbe5c9f1bc453626cfd06e4fcaa13662f99b7072338e20ddafbe35

  • SSDEEP

    49152:LekGSFyxsRbm58Dkwu2WDIxwZsjm8uV88i/O2g7QIIvw7QQZq4PXO:SkGSFsWbF1u9kxwuj+pi/c7nIA
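
The digests above are the indicators a practitioner uses to confirm that a file pulled from a host or a quarantine is the same sample this report describes. The script below is an added example for this page, not code from the sandbox or the report: it recomputes MD5, SHA1, SHA256 and SHA512 for a local file with only the standard library and compares them to the values listed here. The SSDEEP fuzzy hash is not recomputed because it needs the third-party ssdeep library; the file-hashing, comparison and command-line behaviour are assumptions about how such a check would be written.

```python
"""Verify a local file against the hashes published in this report.

Added example; not the sandbox's or the report's own code. Only the
REPORT_IOCS values come from the report, everything else is assumed.
"""
import hashlib
import sys

# Indicators copied from the report above (FunPev.exe).
REPORT_IOCS = {
    "md5": "f8b3253892fbd1e56f2fc46b9b79166d",
    "sha1": "4834ed4980148055733af52834958d2884d27b2f",
    "sha256": "3581ec8316ebca52d075c8c97f22857f4eaa9e5c9ba3c4c08ec0ef57f8c610b2",
    "sha512": "6bdbbe764ebb264f052cfd43633f81dc02e22c4b14f0eec78450d56217475f98"
              "3b5202ab79dbe5c9f1bc453626cfd06e4fcaa13662f99b7072338e20ddafbe35",
}
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Digest a file in chunks so a large sample never has to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare_hashes(observed: dict, expected: dict = REPORT_IOCS) -> dict:
    """Return {algo: bool} for each digest the expected set lists.

    Hex case is ignored; a digest missing from `observed` counts as a mismatch.
    """
    return {
        algo: observed.get(algo, "").lower() == expected[algo].lower()
        for algo in HASH_ALGOS
        if algo in expected
    }


def is_reported_sample(observed: dict, expected: dict = REPORT_IOCS) -> bool:
    """True only if every listed digest matches.

    One strong hash (SHA256) is enough to identify a file; checking all of
    them additionally catches a report whose weaker hashes were mistyped.
    An empty expected set can never match.
    """
    results = compare_hashes(observed, expected)
    return bool(results) and all(results.values())


def main(argv) -> int:
    """CLI: exit 0 if the file is the reported sample, 1 if not, 2 on usage error."""
    if len(argv) != 2:
        print(f"usage: {argv[0]} <file>", file=sys.stderr)
        return 2
    observed = hash_file(argv[1])
    for algo, ok in compare_hashes(observed).items():
        print(f"{algo:6} {observed[algo]}  {'MATCH' if ok else 'differs'}")
    return 0 if is_reported_sample(observed) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python verify_sample.py path/to/suspect.exe`; the exit code makes it usable from a quarantine or IR playbook script. Treat a SHA256 match as definitive and any mismatch as "different file", even if MD5 happens to agree: MD5 and SHA1 are collision-prone and should not be the only digest you compare.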

Malware Config

Targets

    • Target

      FunPev.exe

    • Size

      2.8MB

    • MD5

      f8b3253892fbd1e56f2fc46b9b79166d

    • SHA1

      4834ed4980148055733af52834958d2884d27b2f

    • SHA256

      3581ec8316ebca52d075c8c97f22857f4eaa9e5c9ba3c4c08ec0ef57f8c610b2

    • SHA512

      6bdbbe764ebb264f052cfd43633f81dc02e22c4b14f0eec78450d56217475f983b5202ab79dbe5c9f1bc453626cfd06e4fcaa13662f99b7072338e20ddafbe35

    • SSDEEP

      49152:LekGSFyxsRbm58Dkwu2WDIxwZsjm8uV88i/O2g7QIIvw7QQZq4PXO:SkGSFsWbF1u9kxwuj+pi/c7nIA

    • Phemedrone

      An information and wallet stealer written in C#.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner; here it is bundled as a coin-mining payload rather than installed by the user.

    • XMRig Miner payload

    • Creates new service(s)

    • Drops file in Drivers directory

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (the sample can bail out on systems whose locale is on an exclusion list, which also helps it evade sandboxes in the wrong region).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely harvest stored browser data: saved credentials, cookies and session tokens, autofill entries and browsing history. Stolen session cookies let an attacker bypass passwords and MFA entirely, so affected users should have sessions revoked, not just passwords rotated.

    • UPX packed file

      The executable is packed with UPX or a modified UPX (an open-source packer). Packing alone is not malicious, but it hides strings and imports from static inspection; a stock UPX build can be unpacked with `upx -d`, a modified variant usually has to be dumped from memory.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to learn the infected system's external IP, typically to tag the victim in stealer logs or to feed the geofence check; the request itself looks benign on the wire.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the usual last step of process hollowing (RunPE): a legitimate process is started suspended, its image is replaced with the payload, and the main thread is pointed at the new entry point before it is resumed.

MITRE ATT&CK Enterprise v15

Tasks