General

  • Target

    foxiwareFREE.exe

  • Size

    1.4MB

  • Sample

    240525-2r57tsdd3t

  • MD5

    82d04df0038256b515f5278f71e111fd

  • SHA1

    5c470751c3191f38792dbb1bacbc35734b5feaa7

  • SHA256

    e1b3b00ddbe6a9d43c87ad9e77885bdcadbc06616be6c3be241c5d92b455aa5f

  • SHA512

    2db2f6609f3d0325d61a283cb145ec62b490466c02e1a281fbc10268e5d7ffd1175e407c0ca6d74918164e7370aaa0080f9c721072c41490632b16a41ac8c778

  • SSDEEP

    24576:3OwLIXlxMawViU0fQOWOxeEeQ+MwkbaJ6JR31uUjBGFp9NPkK0:3JLIXTxwViUkQkM2cQPEUjBGj9NP

Targets

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
