General
-
Target
Forza-Mods-AIO.exe
-
Size
13.2MB
-
Sample
240223-lvhypsed6x
-
MD5
170b9031c89726d445a322689ff66ff7
-
SHA1
e4d827a5ff30aca7783d872b03c2afd3c78e5d62
-
SHA256
26bde4f22eaa466847881b96b4fed699f850dafe2af43f722df1e588aacbf46f
-
SHA512
2ddb71e49e763d3067a8fd0824f8914b19e9ff1ec7e47e484c95453ec029254cc92831934a05a18803ae3ba39282a03923686f2ba9015d688fddc19d2cfbc0b5
-
SSDEEP
98304:YbhD4ny4CVdxkYNYSFxP81Sqg15upj7P1sD8JBM:yhDq0x+SfoBg1g5j1sDn
Static task
static1
Behavioral task
behavioral1
Sample
Forza-Mods-AIO.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral2
Sample
Forza-Mods-AIO.exe
Resource
win10-20240221-en
Malware Config
Targets
-
-
Target
Forza-Mods-AIO.exe
-
Score
8/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-