fbcf2757ae185b737e980435ffbdaeed4c722629a3d2a56b62bfafdcd44926ce

Sharing

Copy URL

Twitter E-mail

General

Target

fbcf2757ae185b737e980435ffbdaeed4c722629a3d2a56b62bfafdcd44926ce
Size

4.8MB
Sample

240701-fjyxwszfmm
MD5

ef69b75519724af3fb7da61af591df40
SHA1

63a38efae3aba8ec731eafaa5f6aa5eba6069aa0
SHA256

fbcf2757ae185b737e980435ffbdaeed4c722629a3d2a56b62bfafdcd44926ce
SHA512

759867a235841739887686fd7aca368cba09ffe4e533cf54eeb8801940ab0ccc1b7c6816e16a386fbcbb82d14ddf274245d53636443dc886c7f64d6d49c43360
SSDEEP

98304:66Q2rqI0O7L41KUOY3Aqrvj99849cOjk2WQV14ayHLQ3AI:66Q2rqI0O7Lfa3Aqrz849cckI14FMn

Score

10^/10

Malware Config

Targets

- Target
  
  fbcf2757ae185b737e980435ffbdaeed4c722629a3d2a56b62bfafdcd44926ce
- Size
  
  4.8MB
- MD5
  
  ef69b75519724af3fb7da61af591df40
- SHA1
  
  63a38efae3aba8ec731eafaa5f6aa5eba6069aa0
- SHA256
  
  fbcf2757ae185b737e980435ffbdaeed4c722629a3d2a56b62bfafdcd44926ce
- SHA512
  
  759867a235841739887686fd7aca368cba09ffe4e533cf54eeb8801940ab0ccc1b7c6816e16a386fbcbb82d14ddf274245d53636443dc886c7f64d6d49c43360
- SSDEEP
  
  98304:66Q2rqI0O7L41KUOY3Aqrvj99849cOjk2WQV14ayHLQ3AI:66Q2rqI0O7Lfa3Aqrz849cckI14FMn
Score

3^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  f7b92b78f1a00a872c8a38f40afa7d65
- SHA1
  
  872522498f69ad49270190c74cf3af28862057f2
- SHA256
  
  2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
- SHA512
  
  3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79
- SSDEEP
  
  192:y1zQhZDqlJcKISw99ioU3MSfwLF/+nhHUisdz:ozoZDGKYw9goWyFGBU7z
Score

3^/10
behavioral5 behavioral6
- Target
  
  $TEMP/ulicense.rtf
- Size
  
  80KB
- MD5
  
  8c7f512cdb1b21e01ce120a0b2806c53
- SHA1
  
  f1cecc74193bb17dd59a1fea492b9144809c2445
- SHA256
  
  a4ecc43c48d029afa62afbac5923fc2d1b5a031190cf97f0e6953684e0f9a9f1
- SHA512
  
  12a673d2ea3910460132e016eb8fc21022c7134430a8c775e288df41f9fda029a97f0223892f62f62c40fcdff41d013828aba8c551f43ca97a37aef57b8bca06
- SSDEEP
  
  768:0eejrI4LvyVoaXMDe4MhxR+RpR+JWxR4zhc7AOB4BjLW5qojflMeI/Z3VRVx9BUZ:0hApce0Fy8Qo+6+Wp
Score

4^/10
behavioral7 behavioral8
- Target
  
  FarmFrenzy3_America.exe
- Size
  
  2.2MB
- MD5
  
  fb831b4880832939cb71438709315419
- SHA1
  
  adb4898e9cb378d85e3a8aa9687a83ab57f8d0a3
- SHA256
  
  45358426457118f34ec7b91f181164ce7f7713f136329c78d9f3f331c209b441
- SHA512
  
  41449b6f46bfb2c4b3f27066ee641219698f6a61913713e0225dd6746937a33f5e921f1a5c1b0aee6cd7e33761a093e2d711eae8d3d8520e62c364be477b601c
- SSDEEP
  
  49152:fsZFqt6yszz3ZYWyoTLPFJn6OVlTmJMBnulCVtsYo5:UmY/3vyoTjFJ6OnTWMBulCPs
Score

9^/10

evasion trojan upx bootkit persistence
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral10 behavioral9
- Target
  
  FarmFrenzy3_America.wrp.exe
- Size
  
  5.0MB
- MD5
  
  5443b67ebf77f2327f6904d2a4929427
- SHA1
  
  740d997dd8af072b2ea11fc16c3c96fe7d405403
- SHA256
  
  71ec15d0eedef28013fe72b6ab735f8eaf79351d26b69b7db0b22f5d1bafb0d3
- SHA512
  
  37d233cdd3c3d4e99e02e2bf7f4b83cd4dfdc9e7e1713e9a9143a7a03c5d97a96c4161809358d9764c75e4404eca759f6a747fdbc084dfdb00922ddd84f138a8
- SSDEEP
  
  98304:D6ISy4lkXJXwbr6raHv4k2W5vR/lhwkPCHM:D6ISy4lkXJARv4k2W5vRbwkx
Score

1^/10
behavioral11 behavioral12
- Target
  
  JNGLoad.dll
- Size
  
  372KB
- MD5
  
  72c5553b89524c3a58dfe91b2cece127
- SHA1
  
  197f914f5738062d12688fae0449c3723c8f5b46
- SHA256
  
  a10fb9c5245421719366ff60164fbdcf5b7d78f9725801163670b398c874f80e
- SHA512
  
  1705f792f7b869cc0e093b684c98b0b95384d3523fa8477c140b9e03f907971c147ff55b25257d63d69a7cc673f4acedffef9aaabe77540746a74f6727f45dd0
- SSDEEP
  
  6144:QRRdzxh+PgrtcbvnMnH23YcpbxwvTAc5O1hU+aYzTBav+nAOqvR:QRRddLGTZocpOT/5GhU+ayTov+n
Score

3^/10
behavioral13 behavioral14
- Target
  
  Squall.dll
- Size
  
  480KB
- MD5
  
  e4450e7fd70c4c576a299b5ba945dea7
- SHA1
  
  f6b57a3566136074f55e4ced67e20f831096a15c
- SHA256
  
  712eab657dd5b2b50014a4fb678f69ab1ef461215d68f7fe621f048ec5da5021
- SHA512
  
  66bc907f031de9fc85688cf5717005a639affe44c93afbf499bec477332a2001bd2f186f6beefd866ba1533ed5f26a810f8b8607dc82ec707f5fc1b6e570568d
- SSDEEP
  
  6144:bo/mdugIeuLAoakz1bxJ5zwe7RCEtW+zn/eWv5LpTB3/V6MTmiW5hUyrddfrR0Zy:bokYAoakz1H5zv97xpN6oEsyXV
Score

1^/10
behavioral15 behavioral16
- Target
  
  htmlayout.dll
- Size
  
  681KB
- MD5
  
  cffe21f7cfe677eec54b8d8020ef0690
- SHA1
  
  580b995f8d370d25cbfeb5dc633f6eec68e7cafb
- SHA256
  
  9cf74cd193f4fb530c530d4f9feff9ec81a24a5c5922998101657128de771b0c
- SHA512
  
  a74bd3b8ad64ea6bd56aafcc71eac85f47ea164b025e8f700177f53a9d37ad2ce718dd265c93e525ef6bff06d7ac39e4e2a8337a55ca668a665313eb1ae01dd2
- SSDEEP
  
  12288:gLugumxc7DzzM1POf+8WmysE5SgQ11D3XVUuK8bFe+airYt/IOsyuW+dvL:gKge7PJf+8Fys6Q11D3XVULm4+aisSOc
Score

9^/10

upx
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  wrapper.dll
- Size
  
  655KB
- MD5
  
  e1656d25f53820e291e60093f8e8bc41
- SHA1
  
  1407ef55c30de78b3b5f3e4a0042281ae9d55831
- SHA256
  
  367fda11631296caef0acad26cfed7d0934475eacb8349c1c209a575bf547cb8
- SHA512
  
  5407d8605a1405759f824e10bd748671d057eb477b8feed5772e62fa55f67df10ed643a7a7f90562db3782461291b61b452d679453888d065e0c8bafb8791e7f
- SSDEEP
  
  12288:3lTILolEZuvuVJBK9ONOkx2PAUv0vWPdcef6WKqC1bBTzBS0ncQ:3lTI9nhOkUIM0qNf6WKNJB1cQ
Score

9^/10

bootkit persistence upx
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral19 behavioral20

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

UPX dump on OEP (original entry point)

Checks computer location settings

UPX packed file

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

UPX dump on OEP (original entry point)

UPX packed file

UPX dump on OEP (original entry point)

UPX packed file

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20