Overview

overview

9

Static

static

7

F.U.N/cheeto.exe

windows7-x64

9

F.U.N/cheeto.exe

windows10-2004-x64

9

F.U.N/loader.exe

windows7-x64

9

F.U.N/loader.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    F.U.N.rar

  • Size

    8.1MB

  • Sample

    240327-3mq3sade24

  • MD5

    ecc7a6639579934c0c8f9fe35cd86766

  • SHA1

    895ea340d048dcc0d62cc46cca8749cfb2f44f9b

  • SHA256

    389b612690b6804bcd4b1d4104f63ae93488db39b724d30cdf497b6fd78d7105

  • SHA512

    0a7e43c1d3f7b893d49a91afc73b53ca2c13f45038b4a733c4306f93f2224389028bc4c02accee517a47b0354c91ba58ac38306bc94e9539d09bf73b0184f763

  • SSDEEP

    98304:KxzdBUmzNbxtv3qJgItc9o6LQ2f+HKY1WoOGhJAlnF+Doxyhb9dDi1vequUFi0gZ:kgyxVCWtQxAvGUFi0gpuKLoqizxw1x

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      F.U.N/cheeto.exe

    • Size

      4.1MB

    • MD5

      ec553306ef60e6602fc59733507c2eb2

    • SHA1

      8f11f87ddb5dd75ab67f860e9250d8246fa82232

    • SHA256

      6e4a3eb2339d989642e721f933f032d4cb9bf560375b7ae0f80fe48adc429049

    • SHA512

      68e9641962e22ce9e97360659ba5813637c308040dfcc7632382598914d23e20f3eb4791737e2cd92bad1e5e41f7fad406351f0ba96837e7e47d7d5dd3f53fb1

    • SSDEEP

      98304:xaSbQhN75/bsT0eifNOci5h5mGmJ+bM2vHqBLkId:0SkhNNzDfNYhUUbKlf

    Score
    9/10
    evasionpersistencethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      F.U.N/loader.exe

    • Size

      4.1MB

    • MD5

      9ecdc9ed1bea6c226f92d740d43400b9

    • SHA1

      b5b5066cd4284733d8c3f3d7de3ca6653091ae10

    • SHA256

      60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c

    • SHA512

      30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43

    • SSDEEP

      98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks