f9d4b3edcdf3085dacdf7ffb3e794b53f3dc0bb5f6f227837ae5c828a97ac478

General

Target

ToX_Free_Utility_v2.0.New.Era.zip
Size

6.9MB
Sample

241113-qld1lswkcq
MD5

29e316fe90a629ff4f241e2924411d2e
SHA1

c061101cbdd214b2e4e9fd1d42a95f18ae75fc43
SHA256

f9d4b3edcdf3085dacdf7ffb3e794b53f3dc0bb5f6f227837ae5c828a97ac478
SHA512

bf2824ed87884aab5b66f7ce8e69e0abb9648fabfc0e1ea28edee26b1a6c6b9f23d94881481fe263200e0b6f3d60a0227c311b516a93695534b6edfba2ae6513
SSDEEP

196608:Z9H2mzkUH1Zsk6jDepvXdOGlRDU2ELyvjecsqENaZaHC:Ww/sk6jSpvXfvU2EL6yMENaX

Score

10^/10

Malware Config

Targets

- Target
  
  ToX_Free_Utility_v2.0.New.Era.zip
- Size
  
  6.9MB
- MD5
  
  29e316fe90a629ff4f241e2924411d2e
- SHA1
  
  c061101cbdd214b2e4e9fd1d42a95f18ae75fc43
- SHA256
  
  f9d4b3edcdf3085dacdf7ffb3e794b53f3dc0bb5f6f227837ae5c828a97ac478
- SHA512
  
  bf2824ed87884aab5b66f7ce8e69e0abb9648fabfc0e1ea28edee26b1a6c6b9f23d94881481fe263200e0b6f3d60a0227c311b516a93695534b6edfba2ae6513
- SSDEEP
  
  196608:Z9H2mzkUH1Zsk6jDepvXdOGlRDU2ELyvjecsqENaZaHC:Ww/sk6jSpvXfvU2EL6yMENaX
Score

10^/10

adware defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer trojan
- Disables service(s)
  evasion execution
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1
- Target
  
  ToX Free Utility V2.0/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1
  
  73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256
  
  9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512
  
  b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP
  
  49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
Score

1^/10
behavioral2
- Target
  
  ToX Free Utility V2.0/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral3
- Target
  
  ToX Free Utility V2.0/Newtonsoft.Json.xml
- Size
  
  696KB
- MD5
  
  d398ffe9fdac6a53a8d8bb26f29bbb3c
- SHA1
  
  bffceebb85ca40809e8bcf5941571858e0e0cb31
- SHA256
  
  79ee87d4ede8783461de05b93379d576f6e8575d4ab49359f15897a854b643c4
- SHA512
  
  7db8aac5ff9b7a202a00d8acebce85df14a7af76b72480921c96b6e01707416596721afa1fa1a9a0563bf528df3436155abc15687b1fee282f30ddcc0ddb9db7
- SSDEEP
  
  6144:XqqU+k/Rik5aG0rH3jGHdl0/IdHXpgVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QA:DU1
Score

1^/10
behavioral4
- Target
  
  ToX Free Utility V2.0/ToX Free Utility.exe
- Size
  
  6.4MB
- MD5
  
  3470130cafb10478112c1d9f79050786
- SHA1
  
  50a2b632649d8b40e8e87aa772ed28893e3ed053
- SHA256
  
  b5e97f843c0c575f3058f9701d07350cd43022042aa587d1b51ebab22067b229
- SHA512
  
  3cf0b55d59a7ac666193c34abbb54692c42c98c70015c82ab65be1566977f3037757f9c6da6d4e202c2b83728a28073b6289324a8bd047eb5c2ada12c3891bfc
- SSDEEP
  
  98304:BDFtWRUoIF2fUmxaqmRRiQucR2RFRUoIF2fUmxaqmRRiQuJmVi/ICFmnH2yWmd6:dvz2fBxaqmh/2fBxaqmhkmVEICFQQmd
Score

3^/10

discovery
behavioral5
- Target
  
  ToX Free Utility V2.0/ToX Free Utility.exe.config
- Size
  
  4KB
- MD5
  
  d4b051447945580e846848ded72c11b2
- SHA1
  
  898e59d491bcbc3d77ee89ed1a76deceac7bd5be
- SHA256
  
  2171a301e13b7eb1c57dd5c61e38f899aa566c778426c1af39720354ba04d707
- SHA512
  
  1cd36e870a86c9f2dbb7ddc7103c7c35b91fbb9713a5da5cfba3eea52c5c7c43962b9bf65589df2238af47e2563a193720d4e39453107b97f38df9fcf92e6f95
- SSDEEP
  
  96:br7M7KtrwvlAvCAvFAvTAvPAvSAv4Av/AvbAv0AvAAvnAv6AvoAvAAv+AvWAvdAh:br7M7OrwaF4
Score

3^/10
behavioral6
- Target
  
  ToX Free Utility V2.0/ToX Free Utility.pdb
- Size
  
  517KB
- MD5
  
  2d953ec284717fd6a5ececf7af53f96a
- SHA1
  
  110ad2b3fbeac44d2f199d8af80bff3f4005261f
- SHA256
  
  6284da8082c172a5d5e944e5e60c497e33815a6ff72a3d59f9b2b65caa5c2962
- SHA512
  
  a668b7fab34faf15e6cc6e8c850036b0cacb6ab514c7119e085ec276122897fb5e466118d308216834c47fa75591ed957f4e4bd9f0a852e7d7e37bd666c9e970
- SSDEEP
  
  3072:txWzwyOmPrAmfOQeS+kFtJAbwsRl93XqG9W+6gE6SNuVr0TohL46gCo:OEmBeSzu93aKl0jTohL4lCo
Score

3^/10
behavioral7