a433b717fdb270dd0783f0f743e433f48ee33c77cb3825d75858bd7bc2322174

Sharing

Copy URL

Twitter E-mail

General

Target

F.U.N.rar
Size

8.0MB
Sample

240427-3t5jrabf31
MD5

3e70cc639a78cfb45b762e788af40d17
SHA1

585175347ef2d01755353db6bdb5d752ae8d7aea
SHA256

a433b717fdb270dd0783f0f743e433f48ee33c77cb3825d75858bd7bc2322174
SHA512

15cc2b2601993cd3115909ebae09f4df4d61f5addcdafc2baa415074b4d0e592c0570e2da0324a79a8fbaf0915b6293a7ab159a075c8f9b625b78193108d7e34
SSDEEP

196608:WeIQoG+DeSrTntJex24WeFxAvGUFi0gpuKLoqizxw1U:WekrTn6xN/A+UA0gxLonzR

Score

9^/10

Malware Config

Targets

- Target
  
  F.U.N.rar
- Size
  
  8.0MB
- MD5
  
  3e70cc639a78cfb45b762e788af40d17
- SHA1
  
  585175347ef2d01755353db6bdb5d752ae8d7aea
- SHA256
  
  a433b717fdb270dd0783f0f743e433f48ee33c77cb3825d75858bd7bc2322174
- SHA512
  
  15cc2b2601993cd3115909ebae09f4df4d61f5addcdafc2baa415074b4d0e592c0570e2da0324a79a8fbaf0915b6293a7ab159a075c8f9b625b78193108d7e34
- SSDEEP
  
  196608:WeIQoG+DeSrTntJex24WeFxAvGUFi0gpuKLoqizxw1U:WekrTn6xN/A+UA0gxLonzR
Score

3^/10
behavioral1 behavioral2
- Target
  
  F.U.N/READ ME!.txt
- Size
  
  661B
- MD5
  
  a3aff19e695c6b5f18e829b8aff430bd
- SHA1
  
  d8b42c28dee87e5eb73797492558deb475ea8bcf
- SHA256
  
  3836013cf665ab5782d933e9807b962b38429f02f1ed8a1820783121f038823d
- SHA512
  
  ffdb93bd2ab63044c2fff53d5010fc3ca5954c9b9be59bbeb705f856ba8d3e0ca523768af78ca7d8bd74d594cc75be13adaa067cecfa8d891b5de35362b23bde
Score

1^/10
behavioral3 behavioral4
- Target
  
  F.U.N/cheeto.exe
- Size
  
  4.0MB
- MD5
  
  a845ed96ffe13bcb8cdeb3d7d8acb272
- SHA1
  
  381f00cc8aeff1e4a84812ce8f0b574f3fc9b158
- SHA256
  
  3412caf95e6244db7c27bcc863f3e696b6a97d903b78065428cc4805381446d7
- SHA512
  
  c568a2788c843de6b91ed9f0df1f14ef5a1817871cab12267c8cbab722464783f4731b3cea17e7b89fd5695101f9e89ed0bd0f7e028b9c09f17a2d2a8d418c29
- SSDEEP
  
  98304:k6t+F5JfI1y+uGFMMU5U5jBJyXRy8ebQN2Knr69USNpBsEF:k6t+BA6GS5U5dMXibO2KumSbBsa
Score

9^/10

evasion persistence themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  F.U.N/loader.exe
- Size
  
  4.1MB
- MD5
  
  9ecdc9ed1bea6c226f92d740d43400b9
- SHA1
  
  b5b5066cd4284733d8c3f3d7de3ca6653091ae10
- SHA256
  
  60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c
- SHA512
  
  30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43
- SSDEEP
  
  98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Sets service image path in registry

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8