Overview

overview

9

Static

static

7

F.U.N/cheeto.exe

windows11-21h2-x64

F.U.N/loader.exe

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    F.U.N_1.rar

  • Size

    8.1MB

  • Sample

    240310-vh1gnagh7t

  • MD5

    209d61724b1edc830b7c994cd786d86a

  • SHA1

    2b2e1c4d3c3ff11f22998507db69c5e4cc5d422f

  • SHA256

    e45f0f1f99c8584e278ea6fb9551f488befed7a9e70855eb60ec9c45a6e8966c

  • SHA512

    44c1dcf30a8c1b64ee5529c18adf57a5d03b13451f77a94534ad0531c923d14b02043d1040cdfe143402ed9741709ff87163099d7a2dbbabbf4f7ae0647f8a44

  • SSDEEP

    196608:xMr8q7UD3LrCDsBujLUh+oy/TcLS9ypLYLhbNAEd:UtUD7rpSLLotLRVA/Fd

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      F.U.N/cheeto.exe

    • Size

      4.0MB

    • MD5

      b82b409f4f461c6d7dc322628e17cb03

    • SHA1

      7380d4bde69fb3d46436d6beac522b826fcfa409

    • SHA256

      1d9a9975c321ddce889f12c6272940992f201d4862e252408f0016a60df56ce8

    • SHA512

      cdb4983fc1d4941f8fbb59a4642001ec66f8889c1238989c652b7b6f4e29721520f8c54e377a6794c3418e9549e12609d7a482d774f14894f863798c3198f12b

    • SSDEEP

      98304:w+m9yDaJOCOxWp0r5bX7fCRUYXXHym5dJoq:Nm9yyOxxWerp7eNnHh5boq

    Score
    9/10
    evasionpersistencethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

    • Target

      F.U.N/loader.exe

    • Size

      4.1MB

    • MD5

      9ecdc9ed1bea6c226f92d740d43400b9

    • SHA1

      b5b5066cd4284733d8c3f3d7de3ca6653091ae10

    • SHA256

      60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c

    • SHA512

      30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43

    • SSDEEP

      98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral2

MITRE ATT&CK Enterprise v15

Tasks