Overview
overview
9Static
static
9Fetion/@绿化工具.exe
windows7-x64
3Fetion/@绿化工具.exe
windows10-2004-x64
3$PLUGINSDI...nt.dll
windows7-x64
3$PLUGINSDI...nt.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3Fetion/Cra...er.exe
windows7-x64
3Fetion/Cra...er.exe
windows10-2004-x64
3Fetion/Dyn...l2.dll
windows7-x64
3Fetion/Dyn...l2.dll
windows10-2004-x64
3Fetion/Fet...ch.dll
windows7-x64
3Fetion/Fet...ch.dll
windows10-2004-x64
3Fetion/Fet...ct.dll
windows7-x64
3Fetion/Fet...ct.dll
windows10-2004-x64
3Fetion/Fetion.exe
windows7-x64
3Fetion/Fetion.exe
windows10-2004-x64
7Fetion/FetionExt.dll
windows7-x64
3Fetion/FetionExt.dll
windows10-2004-x64
3Fetion/Fet...st.dll
windows7-x64
3Fetion/Fet...st.dll
windows10-2004-x64
3Fetion/Fet...sh.exe
windows7-x64
3Fetion/Fet...sh.exe
windows10-2004-x64
3Fetion/Fet...rX.dll
windows7-x64
3Fetion/Fet...rX.dll
windows10-2004-x64
3Fetion/Fet...nt.dll
windows7-x64
3Fetion/Fet...nt.dll
windows10-2004-x64
3General
-
Target
fe7e17ea6bdee70677a162cff9654a1b_JaffaCakes118
-
Size
18.7MB
-
Sample
240929-padp2axbke
-
MD5
fe7e17ea6bdee70677a162cff9654a1b
-
SHA1
7b68282e961b1ceddb77a296507097ca10d4a331
-
SHA256
8b165ed56a818809871aafcfcdab1e36b8a1b5fc5545ea8d23e1ebdd73c98b94
-
SHA512
41c1856c61a5fe31a713a2f3bc10fdaa282e9dc36da638835775b26d451bb4f72495efb5cb8d99adc15988aed28e790cfe01300aa4c4fd66d93caea1374e2fb4
-
SSDEEP
393216:wyt8VDilmI38DouRrJtmSJfgcLnLNkimB3L0wE++6bvtxLrLP:bt8wV380mmSjzhktpLK+7HLrLP
Behavioral task
behavioral1
Sample
Fetion/@绿化工具.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Fetion/@绿化工具.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/linker.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/linker.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Fetion/CrashReporter.exe
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
Fetion/CrashReporter.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
Fetion/DynamicGifCtl2.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Fetion/DynamicGifCtl2.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
Fetion/Fetion.QuickLaunch.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Fetion/Fetion.QuickLaunch.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
Fetion/Fetion.WebDetect.dll
Resource
win7-20240729-en
Behavioral task
behavioral20
Sample
Fetion/Fetion.WebDetect.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
Fetion/Fetion.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
Fetion/Fetion.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
Fetion/FetionExt.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
Fetion/FetionExt.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
Fetion/FetionJumpList.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
Fetion/FetionJumpList.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
Fetion/FetionShow/AvaFlash.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
Fetion/FetionShow/AvaFlash.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
Fetion/FetionShow/AvatarX.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
Fetion/FetionShow/AvatarX.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
Fetion/FetionShow/Document.dll
Resource
win7-20240708-en
Behavioral task
behavioral32
Sample
Fetion/FetionShow/Document.dll
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
Fetion/@绿化工具.exe
-
Size
160KB
-
MD5
eb8a98d20e9758d312b94c95f994e8ff
-
SHA1
0268ff48488690074d31278e26a3a9fa7bc9a8d1
-
SHA256
9ce6059114bb9253cfd739d3aa1d4e289a630c61520edeac815d861ee18cc664
-
SHA512
33bee2fda86e172ba8d665f7347409306d8c4aeb831e331765a3e9873c4d5c638c8d87bd0f38faab2c821f88ebcea64b557ecdfb748f54970c4a052186467e35
-
SSDEEP
3072:xdRY5hG2QC1J/JJw434OCt4iCSIAql7m3N1KLPV2VaXKgMfKwwo4vvt:x3Y5RFoIACENSPVeaSwJl
Score3/10 -
-
-
Target
$PLUGINSDIR/ButtonEvent.dll
-
Size
4KB
-
MD5
fad9d09fc0267e8513b8628e767b2604
-
SHA1
bea76a7621c07b30ed90bedef4d608a5b9e15300
-
SHA256
5d913c6be9c9e13801acc5d78b11d9f3cd42c1b3b3cad8272eb6e1bfb06730c2
-
SHA512
b39c5ea8aea0640f5a32a1fc03e8c8382a621c168980b3bc5e2897932878003b2b8ef75b3ad68149c35420d652143e2ef763b6a47d84ec73621017f0273e2805
Score3/10 -
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
107737e3282fefd85684f2fa3df6d1c3
-
SHA1
3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f
-
SHA256
21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0
-
SHA512
439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4
-
SSDEEP
192:FTmFxiXTQdQbg9FkGuz9lBDpO5DwbgUojcA96lK72dwF7dBG0N1:FTmriEdYQFkGUlI6vojj6l+BGE
Score3/10 -
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
4KB
-
MD5
99f345cf51b6c3c317d20a81acb11012
-
SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727
-
SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
-
SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
0ae9c427fe7bbbbf1368c1c6d3933ae7
-
SHA1
c8e5131613302531c88512dada29a18886259268
-
SHA256
49437f4b9fd38007f3b2735f0a8a12830b995305c75118b440202980183d5c6a
-
SHA512
59b76b00f2b0d6242dc5bc3cb36d3ff78867445f502e34cea890c6f493c2adf9b97cec539963204ddd1c641e1a77139f46fc33dec4dc636f4b06d2edffffec6d
-
SSDEEP
96:vCCshwlpqUsYghN/9uvZ7CLWNCSiiVTQYBGVXRvuBDlSriklbuba1iLc+cEyzo7e:BzqUuh/uLCXIkYBGV9uVlSblbubbwtl
Score3/10 -
-
-
Target
$PLUGINSDIR/linker.dll
-
Size
6KB
-
MD5
8450b29ee8d592c208ba1aaf6ee50267
-
SHA1
75096da057bc85cef63bb0eec168652ea75cf618
-
SHA256
53aa57e582dc56421c1191a0a9efac9c36960b903b7d825f3b9682605ec2b612
-
SHA512
d23a3057053a1f36f5eb212ae0b09b9b0b41e50b8a6a20bbc46c12c51199ad0bca741bcce17534488158e8f2b9470dbdac2aa059688b7588a05778c40d461039
-
SSDEEP
48:q/XgJspkvsIWyuS3fyVLkmqbIWXGuDNcGo+FLtLFSfrPIk2vIhll:4gJsFIWjS3qVomqIixo+9tLFUr4vMl
Score3/10 -
-
-
Target
Fetion/CrashReporter.exe
-
Size
704KB
-
MD5
6417ab969b9a1ff99936d357fa2ea5a8
-
SHA1
fff6527bd2d95c9204f689f5821c0b4ee7296c04
-
SHA256
971d1acc2f059c12c498d31ccf210446ac5b337df9785cbe89bb17b7a61b29e1
-
SHA512
5766df1f80fe40d0e36aa5ce8d835740d660bcec45ab8f41ac919e8e40cd0a50511e8dd212ee9524f14b311b210f4fc1302319dff28c897f36d93c897f4f2919
-
SSDEEP
12288:RmH2QcL0PGieV0yPecDGFMu5IkUMR1EtwJ+pxMec9THIeovQvrI4/R+530:shcg2V0yPecDGFMuVR4w9X9TJovQvEu3
Score3/10 -
-
-
Target
Fetion/DynamicGifCtl2.dll
-
Size
184KB
-
MD5
245e160da3d09b6af36465f026434c77
-
SHA1
613ff234ca9210e41831e4fc9a5cf4692b2c28d8
-
SHA256
101e3e140e44fccc07853880594db42eee32c4d0cd4262597e80c1b31d379b55
-
SHA512
a4d1d1eb8a18addb6472b23de8e5f8d23a1dd3a97733c56a56d2fc9b6993b3285c1e9fcaa1356349716467b6d9ee660089698e24092798a8b8a2110ac48b0fa6
-
SSDEEP
3072:o+CNVO9qGZ6I9WwUS8g7flhrelMmsvYuRHtFNtu94thoeEUQ6k:ZSOgGd9WnS8eXep0XNtu9l7
Score3/10 -
-
-
Target
Fetion/Fetion.QuickLaunch.dll
-
Size
82KB
-
MD5
8b285064ded6293c5dadd13e44a6f5f0
-
SHA1
7103817b536b2a24801f1aa16eb96a64bd61bbf1
-
SHA256
55e4d5fdc1ccaf2d74255c4348dda1f988e675e5fdf33c18ec6e31a7ba32d161
-
SHA512
e398031dc3ef29f22101a19ea52bcc66dba50681df38d5f6cd3d02808c3889f041b1499e3129d15f4eb3d6854ed16ca510bee7e3b5d3c8c9b0d938087c479a3f
-
SSDEEP
1536:mmSQ95rqGdZ5H+75xPAqILi/2IslO16y+Z1w6Z41AARH0jaFCL:qQTrqGz5W5VAqWi/2IOO16BZ1woEAARC
Score3/10 -
-
-
Target
Fetion/Fetion.WebDetect.dll
-
Size
120KB
-
MD5
6866206fc105023ad84ee49e944a44de
-
SHA1
db3af8615b8e7af640689faf41facdadeb817494
-
SHA256
dc55378e2528b7d2c471297c5e3b6bcf3317b90e0a91b876179c17e8086eb369
-
SHA512
36668a642ab5f47520339568fcc66b973564a6736b1c9b3cecb73a40eddb76b5c20f71f50e11823cc79c1b82a48a0e68f25a9546cc1f6a8513fe64579c8537f3
-
SSDEEP
3072:nf9SEiJBe+eBOBxsGcCY9lqzyD58zaKVe4M:YEjBOUGcCYGNhzM
Score3/10 -
-
-
Target
Fetion/Fetion.exe
-
Size
23.5MB
-
MD5
995b2653753911f079697e684a4b1261
-
SHA1
ad5f64b0c324a84533ef3848b72202df5bcba62e
-
SHA256
71cf20d7b069079bd0ae903020bd32644ab7d6900205b03b4ac6cd762a1f21ae
-
SHA512
04695764fb2e8a3a78b6407d690843a72e956877100a2870b42b78da24dd1a1f0efd3b4564e699dbd93950f3f7a0c08a9446df5faea84db004933dfbd13334a1
-
SSDEEP
393216:Dr5+xDh84Y+e3e2VESVp1Av8EhhtxvXDpKlo/79L1yRXAKsRLxIbEEM:DFS84jY1w3xvXDtxt
Score7/10-
Checks computer location settings
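Looks up the country code configured in the registry, likely to geofence execution. Localized legitimate software reads the same setting, so on its own this is a weak indicator.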
-
-
-
Target
Fetion/FetionExt.dll
-
Size
74KB
-
MD5
b955d04238db300a975ff4e52020c50b
-
SHA1
2dba56db2c2cd4cea77ac4036b89253339ce5259
-
SHA256
2e2c0f2ca7d606ceb41e3a3f66d12c7defcc6d8030b175d3f4b44d13d34ade10
-
SHA512
fff4a3e64597fe0b47ad73abe22b722cb90e52b54d34b733c0e53611c57d8e2cf5bdbc5b5620c956d66328ecb7c2287f1277f7fea4361b4911d572a373ca6c8d
-
SSDEEP
1536:7J+yg4NAC7c6NxH3jpZKaAN5Qg5rdlO11jThAtvUVE/tCUJ9ZE/n:7IyhN3ccxl3ubNO11jThAlUVE/MUJ9Zw
Score3/10 -
-
-
Target
Fetion/FetionJumpList.dll
-
Size
16KB
-
MD5
e747a1937cd91000d208e08affd1bea1
-
SHA1
b2f40e4a33441f94c5de6e93a2f65d64fd23c255
-
SHA256
12c59a7c52072e73ee89af003638d55bac3260cdec20bfef7ddeea9475f8c66d
-
SHA512
437d91899b5b275e1f73d1c7e10fff138ddac44a10db7021f0eb48d2aa9ec94de01074a5ebc63cc100744c0747150afe1053f71d4c90482ddaa0f8513b29f174
-
SSDEEP
192:fWbQaAGUjS9q/d/lHGH09S9P6UdEx1PqUIzI0WmsG7aOR3XFVR6y6GVpWSD:+Ln05li9SCWcRWBG7aOt1V5hVP
Score3/10 -
-
-
Target
Fetion/FetionShow/AvaFlash.exe
-
Size
107KB
-
MD5
2ea066769cd8120420242bf8823fad1f
-
SHA1
073428841595a1bd47e2d314c00474b1ed353584
-
SHA256
40639d3a610088f5d04ac2e7ec05a5c90ee02950e5626f10435badf19adbc401
-
SHA512
47c250189c4545be8cace7b144772fadcc2f55d0866bd05d10a522042dbfcd65e5a14cf61238a8847b1e8e5d8d5cdac9626a6f3afc0d2cec4da049dc7efc1069
-
SSDEEP
1536:L7nLD/7ZAJEpEHgllYbaB60rdNRUYML/6PHfDovGytOmttHFCS:L7nn/7SRgMbm6Q4LcHfSGytOwHT
Score3/10 -
-
-
Target
Fetion/FetionShow/AvatarX.dll
-
Size
260KB
-
MD5
592b84c788fd57494fdb8904bc108986
-
SHA1
d7e64a3e25c0aef1d536c697976dd51d97f5b6c9
-
SHA256
fb4957a3110340e1fa48144b2e6d47ba838db3b726b4521379608932121172a6
-
SHA512
6dfa534f1509ee478328a0f0ed31517b002175e6ba983171dd40c42ef3913b85efcc088c8e8182a5aa3ba90328ffe7c565a395fb3378f9df527376ed8a5d46c7
-
SSDEEP
6144:AOR2WUMYNd0sizDLMdQ5EedWq7q/+Cs609YpCj+zIr+C9p06snIn:0b+jz7AIn
Score3/10 -
-
-
Target
Fetion/FetionShow/Document.dll
-
Size
516KB
-
MD5
b39ec97284ac5afd2840a45349d1a36e
-
SHA1
3e5542372d3226f84b00174caae7bc89d6ac15ad
-
SHA256
bcd4426b2b5d6ae4229dcb978339f68c89bf13cafa1cfcc302bdafe1a4b8ee38
-
SHA512
2ad68cd39f6145218cd7d1c04999770d914d35b9fa7ca6eaa2ec07050a4e6aa06b8a5729ae6af0215dbbec66d204f79942ac5c95b9bc0f00ef2ac9d461cae349
-
SSDEEP
12288:cFhBop+peGbtWVdLLEBy3vN6AqinzY39yRZewWaqj0:cjBop+S3vNPnzY32ZjWaG
Score3/10 -