General

  • Target

    TFTUnlock-2024-v4.6.3.3.rar

  • Size

    274.9MB

  • Sample

    241230-bxveeatlel

  • MD5

    3eda8bee7eb8d3d008fc7309636c5908

  • SHA1

    475287d749a934520d8165422ca1749e5f63207b

  • SHA256

    33f193dbd25b5b0769d650ce926cd3b3ae0e7ce4802c0604a400bcc437a7a482

  • SHA512

    f96d616a5a5e3a419c6da72f3c7da16b52c9b6e9f6ba934f13dc8ed4a4ad3d5bce37b7b3a3e05132f367e45ae32d4d02b77e35dfa48286c6a0f62f00f8ccbb2f

  • SSDEEP

    6291456:o91FJNx+NsjGPr/KJEGWH9sJ9Hkt+oeRHdyUUWSAH93n:OF7MNoGPrSTO929Hkt+kU193

Targets

    • Target

      TFTUnlock-2024-v4.6.3.3.exe

    • Size

      275.1MB

    • MD5

      59d403d2d36cae162b7c81551aa2d1d4

    • SHA1

      f5484188c614f178a034b510e7e28a93728c3752

    • SHA256

      359282f3228aee35ffa9df86a6d8eec0b9bc7492ac14bdb2160c7e993788b87a

    • SHA512

      d3ca3a4843b81e8d07c87037321aadd956477a7b00e0672bada0b0dec9352f2f883fef9f629923ef893800fefac1c864019887939568c38a0896bee8ee00c84c

    • SSDEEP

      6291456:qy3Xe/Znta8YWK9OGBv5TDwo9bxzg36D903v7DH:7XwZtmWKoGvN5g8o3H

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Detected potential entity reuse from brand PAYPAL.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
