General
-
Target
FoxOS Post Install.exe
-
Size
195KB
-
Sample
240821-lw48bswalp
-
MD5
e07a79dfb6409358299b6952600f2552
-
SHA1
b73413c974ac6a74b04954fced09648a2b4da5a3
-
SHA256
5f69bc66b594f45abd8c36f4b32ccd4c27b5e3d909927c61e4d0bb29553d8e92
-
SHA512
682dd7416d9f97c2f7241473b2c70cd32cb708d4a738d76737c185d6d0d3a7ee459a874845d12782a88eb1fe1c1d90a2304c675006920918389dfa7777b7be2b
-
SSDEEP
768:oFmbYc2FNAQBA9WFydBmu0zbbj0mxds+sY3X/J+k6tB:oFmyNAQBCyLj0m5F4lt
Malware Config
Targets
-
-
Target
FoxOS Post Install.exe
-
Size
195KB
-
MD5
e07a79dfb6409358299b6952600f2552
-
SHA1
b73413c974ac6a74b04954fced09648a2b4da5a3
-
SHA256
5f69bc66b594f45abd8c36f4b32ccd4c27b5e3d909927c61e4d0bb29553d8e92
-
SHA512
682dd7416d9f97c2f7241473b2c70cd32cb708d4a738d76737c185d6d0d3a7ee459a874845d12782a88eb1fe1c1d90a2304c675006920918389dfa7777b7be2b
-
SSDEEP
768:oFmbYc2FNAQBA9WFydBmu0zbbj0mxds+sY3X/J+k6tB:oFmyNAQBCyLj0m5F4lt
Score8/10-
Boot or Logon Autostart Execution: Port Monitors
Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Remote Services: SMB/Windows Admin Shares
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
-
Probable phishing domain
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Port Monitors
1Print Processors
1Power Settings
1Privilege Escalation
Boot or Logon Autostart Execution
2Port Monitors
1Print Processors
1