5af1b698b75f1be07c45219ea7a068e2c3a5c25b3d251febbe3e15185643aa81 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FireflyAI.exe
Size

44.6MB
Sample

230612-xm3tpadc98
MD5

115f15ba89227873d49daa9d6ff1f19d
SHA1

ba88b542960028dcb977b062273008abe391839a
SHA256

5af1b698b75f1be07c45219ea7a068e2c3a5c25b3d251febbe3e15185643aa81
SHA512

6df3e8265909b410fc26b433b6cf416f715958514738c6db81953016097dceae94a7114ca908cd2a033366cbc33c3b3ccb8cd0d1915a571c7618ad12a9dfdcba
SSDEEP

786432:Ev0hrEjNiER1fFh41jm4P5THkD55ZpBHQm1SCEuB0eIDWtYQwv:KWEjrR1jKh5THkF5rxQ6F/015Qe

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  FireflyAI.exe
- Size
  
  44.6MB
- MD5
  
  115f15ba89227873d49daa9d6ff1f19d
- SHA1
  
  ba88b542960028dcb977b062273008abe391839a
- SHA256
  
  5af1b698b75f1be07c45219ea7a068e2c3a5c25b3d251febbe3e15185643aa81
- SHA512
  
  6df3e8265909b410fc26b433b6cf416f715958514738c6db81953016097dceae94a7114ca908cd2a033366cbc33c3b3ccb8cd0d1915a571c7618ad12a9dfdcba
- SSDEEP
  
  786432:Ev0hrEjNiER1fFh41jm4P5THkD55ZpBHQm1SCEuB0eIDWtYQwv:KWEjrR1jKh5THkF5rxQ6F/015Qe
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2