Overview

overview

3

Static

static

Flux.zip

windows7-x64

1

Flux.zip

windows10-2004-x64

1

Flux.app/C...ources

windows7-x64

1

Flux.app/C...ources

windows10-2004-x64

1

Flux.app/C...S/Flux

macos-10.15-amd64

1

Flux.app/C...00.nib

windows7-x64

3

Flux.app/C...00.nib

windows10-2004-x64

3

Flux.app/C...ts.nib

windows7-x64

3

Flux.app/C...ts.nib

windows10-2004-x64

3

Flux.app/C...trings

windows7-x64

3

Flux.app/C...trings

windows10-2004-x64

3

Flux.app/C...trings

windows7-x64

3

Flux.app/C...trings

windows10-2004-x64

3

Flux.app/C...e.scpt

macos-10.15-amd64

1

Flux.app/C...ad.png

windows7-x64

3

Flux.app/C...ad.png

windows10-2004-x64

3

Flux.app/C...n.tiff

windows7-x64

3

Flux.app/C...n.tiff

windows10-2004-x64

3

Flux.app/C...w.tiff

windows7-x64

3

Flux.app/C...w.tiff

windows10-2004-x64

3

Flux.app/C...e.scpt

macos-10.15-amd64

1

Flux.app/C...x.icns

windows7-x64

3

Flux.app/C...x.icns

windows10-2004-x64

3

Flux.app/C...es.xml

windows7-x64

1

Flux.app/C...es.xml

windows10-2004-x64

1

Resubmissions

05/10/2022, 13:11

221005-qfb9tsedb9 1

04/10/2022, 16:13

221004-tpg38abgep 3

Analysis

  • max time kernel
    149s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2022, 16:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Flux.app/Contents/Resources/macflux.icns

  • Size

    122KB

  • MD5

    81b9584d1a1d0ef80c56dabeaef3e2f1

  • SHA1

    e7b326bfa200c014a31587d9179a846aa58c403d

  • SHA256

    5e8725ac0a9d00dfe3d063ec1d939db357203a1a6035a1d6824e79cad0b59add

  • SHA512

    78c933b3797cf4dfd28d0c7084acc401d16c01ff011f0cec773e38bd1f9cbd73df721a7c260934463fd594a90ecaa0bfc41a5f1f229cd137bcf846ae2715a877

  • SSDEEP

    3072:aq6aD3jC6szSoJH8APl5XxOmp92RXwr0ENFFy:aq6avC69i8APHxvNr0ENFFy

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Flux.app\Contents\Resources\macflux.icns
    1⤵
    • Modifies registry class
    PID:632
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4932

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads