Overview

overview

8

Static

static

3

File-Fly.C...89.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    File-Fly.Corp.v1.0_33289.exe

  • Size

    2.7MB

  • Sample

    240119-wh338abacl

  • MD5

    47c6248c61d27d2aac02299568dad8f5

  • SHA1

    87d5d2b6b9e7b6f7fdd316eb500987fbf8cd13f0

  • SHA256

    7161051f2cda2f3184ea630735ddb9929951d324dae53860b08f540eebcb5c43

  • SHA512

    38270f6fd07749740deefe4ba1bdf6b5ff6209a7bbb9bc05d027d3071b8ec1697186d0bbfe5384d4626673249a760d67db64e9bea6e5859ccdf1c0550aadddc2

  • SSDEEP

    49152:7kQqe5vs+HbhCc7YvgLPkLUX0FilDCIr1QN/Way:7kQqeJs+HbhF7YvMvUiMI+Oh

Score
8/10
discoverypersistence

Malware Config

Targets

    • Target

      File-Fly.Corp.v1.0_33289.exe

    • Size

      2.7MB

    • MD5

      47c6248c61d27d2aac02299568dad8f5

    • SHA1

      87d5d2b6b9e7b6f7fdd316eb500987fbf8cd13f0

    • SHA256

      7161051f2cda2f3184ea630735ddb9929951d324dae53860b08f540eebcb5c43

    • SHA512

      38270f6fd07749740deefe4ba1bdf6b5ff6209a7bbb9bc05d027d3071b8ec1697186d0bbfe5384d4626673249a760d67db64e9bea6e5859ccdf1c0550aadddc2

    • SSDEEP

      49152:7kQqe5vs+HbhCc7YvgLPkLUX0FilDCIr1QN/Way:7kQqeJs+HbhF7YvMvUiMI+Oh

    Score
    8/10
    discoverypersistence

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks