General

  • Target

    cFosSpeed 12.51.2533.7z

  • Size

    5.8MB

  • Sample

    240601-ds6yragf47

  • MD5

    e68853d8aa376028d62d392e6fad9987

  • SHA1

    5f95f4896b194f9f689d8f2558270159c5ed1cdd

  • SHA256

    c540b1ea9074cada38693cddec36f0d0b5583aed6fcaabcbd0b00caa67d3a4c2

  • SHA512

    e3668e0445362d010ebbe596ee4c875bddb57a76f0dc724e82a1583f8401929b8bc64d93e8836844977935956e21839fde321c8abda75bc194ae12decfe0d570

  • SSDEEP

    98304:krttIJOE8/nRa7WuJMFVAepc0ixGjWXlUUhDJIzdjrobyZcCOXR/jAwl3T8:GttvpRFudX0jilbdqjrobyyp1l3I

Malware Config

Targets

    • Target

      cFosSpeed 12.51.2533.exe

    • Size

      5.8MB

    • MD5

      bbb0973708862723cfea79c96f17120b

    • SHA1

      3ebea58c654820a7266ec4e50c61704d60ce10c6

    • SHA256

      5fabe7e0b6bde0145863e1d199f5431a9787821738ac177d5b99743117bb322e

    • SHA512

      5fcda7ce037a990b4e4072290b92a48de08444d782db83636bfe9a5339e9036149716f19617ebb8866f3ad4ba60c4d6f64ffe71a56e589fb79e0a2be4e435d94

    • SSDEEP

      98304:HpsI+4u6JCX3dB6TOQ9PxOvdy+6iyFUQ77sOU0rrywpmg0bomp4eK5Zphau3yJD5:GI+4uTXt+9JOP6jFUQ77sO7rrrYRbtVh

    • Downloads MZ/PE file

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks