122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb | Triage

Submit
Reports

Overview

overview

8

Static

static

3

LauncherFe...v7.exe

windows10-ltsc 2021-x64

8

Sharing

General

Target

LauncherFenix-Minecraft-v7.exe
Size

397KB
Sample

241108-e4pdhsxrfm
MD5

d99bb55b57712065bc88be297c1da38c
SHA1

fb6662dd31e8e5be380fbd7a33a50a45953fe1e7
SHA256

122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
SHA512

3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17
SSDEEP

3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK

Score

8^/10

adware defense_evasion discovery persistence phishing privilege_escalation stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

LauncherFenix-Minecraft-v7.exe

Resource

win10ltsc2021-20241023-es

adware defense_evasion discovery persistence phishing privilege_escalation stealer

windows10-ltsc 2021-x64

31 signatures

1800 seconds

Malware Config

Targets

- Target
  
  LauncherFenix-Minecraft-v7.exe
- Size
  
  397KB
- MD5
  
  d99bb55b57712065bc88be297c1da38c
- SHA1
  
  fb6662dd31e8e5be380fbd7a33a50a45953fe1e7
- SHA256
  
  122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
- SHA512
  
  3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17
- SSDEEP
  
  3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK
Score

8^/10

adware defense_evasion discovery persistence phishing privilege_escalation stealer
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: 93263704532955710A490D44@AdobeOrg
  phishing
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Network Service Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwaredefense_evasiondiscoverypersistencephishingprivilege_escalationstealer

© 2018-2024

Terms | Privacy