General

  • Target

    Forza-Mods-AIO.exe

  • Size

    13.2MB

  • Sample

    240223-lvhypsed6x

  • MD5

    170b9031c89726d445a322689ff66ff7

  • SHA1

    e4d827a5ff30aca7783d872b03c2afd3c78e5d62

  • SHA256

    26bde4f22eaa466847881b96b4fed699f850dafe2af43f722df1e588aacbf46f

  • SHA512

    2ddb71e49e763d3067a8fd0824f8914b19e9ff1ec7e47e484c95453ec029254cc92831934a05a18803ae3ba39282a03923686f2ba9015d688fddc19d2cfbc0b5

  • SSDEEP

    98304:YbhD4ny4CVdxkYNYSFxP81Sqg15upj7P1sD8JBM:yhDq0x+SfoBg1g5j1sDn

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks