General

  • Target

    Fischbox.rar

  • Size

    106.4MB

  • Sample

    241211-spbe1asmer

  • MD5

    5c9c21167a2ce4d951f0195bb365e22b

  • SHA1

    19d8c142fc4abecde99b62afbed42790757fec2f

  • SHA256

    85cb012af48072b60fa470f19c900e82ca526c960bc1c24915a326554b43cdde

  • SHA512

    76cc2f37315135187d51ec2b1b01e9553fd28d898fb548afde21aadfea2b29cc0a2a6423bad4f2db8b4e50afc18a30d4a41f4da01302ac0736b1e0e239c6893f

  • SSDEEP

    3145728:BH/YIjB/qR/6dUSE/sTCqcAAhdFy5pMXzpwEQdkoH65V:BH5pqR6dusT3AnFDwvHCV

Malware Config

Targets

    • Target

      Fischbox.exe

    • Size

      103.1MB

    • MD5

      b94ffa303fdef481c1adccea9c6691a0

    • SHA1

      5616b1b9f8bfed24db2463c7a4527f3563e305b9

    • SHA256

      8ec64a9dd3c3c1e53fcd3fc163410def1fb256371e1418bc3643aeea52f21226

    • SHA512

      b722a7e1359e3200f7015d10a73940873424cfc44241b4535f73a8567d69dd2e4235436c50a9e62121932e988232fe3e57ea1e7d19c1e56a93f350f86af0f39b

    • SSDEEP

      3145728:8AjCRrS6xjKcBanL2qHO5iV0fnGQbRe0zJcBUJZ2:3eZSWNaBHCiu1XcB1

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so that the file does not show in Explorer, etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks