b2fe11b95ad6cf0b7c8471e1cd996c7fc79262c7c501ceb105a1a099fc2fa1b6 | Triage

Sharing

General

Target

FireflyAI.exe
Size

55.3MB
Sample

230710-rakjpaca3y
MD5

d35ddff45fa4cd61ffe449dc377a3519
SHA1

73975b771208b8a4a2a4476b897014394ee7f4bc
SHA256

b2fe11b95ad6cf0b7c8471e1cd996c7fc79262c7c501ceb105a1a099fc2fa1b6
SHA512

50933dce933c40a5423a981128ca44ad5cf53051bd48f1df8b95264a11915cb921fd0d5a7cddb766167ee3c9297703caea23450dbdd960bb0db7f77b1f422a0a
SSDEEP

1572864:WWEjt3tsB8ppjAkIskKTEu4hw5TiUtc4entI:WWEJ38qCkIsnTEmJtmnq

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  FireflyAI.exe
- Size
  
  55.3MB
- MD5
  
  d35ddff45fa4cd61ffe449dc377a3519
- SHA1
  
  73975b771208b8a4a2a4476b897014394ee7f4bc
- SHA256
  
  b2fe11b95ad6cf0b7c8471e1cd996c7fc79262c7c501ceb105a1a099fc2fa1b6
- SHA512
  
  50933dce933c40a5423a981128ca44ad5cf53051bd48f1df8b95264a11915cb921fd0d5a7cddb766167ee3c9297703caea23450dbdd960bb0db7f77b1f422a0a
- SSDEEP
  
  1572864:WWEjt3tsB8ppjAkIskKTEu4hw5TiUtc4entI:WWEJ38qCkIsnTEmJtmnq
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2