c2940152fb7ce47fe5e2b0ffe359740900f97f297210e18661765981d971b0f2 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

2024-02-24...ia.exe

windows7-x64

9

2024-02-24...ia.exe

windows10-2004-x64

9

Sharing

General

Target

2024-02-24_e7e5f03002f0d8135548717d77509f56_floxif_mafia
Size

2.5MB
Sample

240224-pn8gkacc8x
MD5

e7e5f03002f0d8135548717d77509f56
SHA1

a6fedca1845067f37607340acb40707641dfc9b6
SHA256

c2940152fb7ce47fe5e2b0ffe359740900f97f297210e18661765981d971b0f2
SHA512

e92811a381b04bd5e14beda06e6efb1057c4de49d57d1bfd3dc5c73635f712f115dbd264a5ab70020b1bbb440d02d0a41f9aa95078d351d2f6be41d4cfe5633f
SSDEEP

49152:tuIlK6ofs2hPd2l177BTK2VbDsar1YDjh:tj4fs2hPIl1/+

Score

9^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

2024-02-24_e7e5f03002f0d8135548717d77509f56_floxif_mafia.exe

Resource

win7-20240215-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-02-24_e7e5f03002f0d8135548717d77509f56_floxif_mafia.exe

Resource

win10v2004-20240221-en

persistence upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-02-24_e7e5f03002f0d8135548717d77509f56_floxif_mafia
- Size
  
  2.5MB
- MD5
  
  e7e5f03002f0d8135548717d77509f56
- SHA1
  
  a6fedca1845067f37607340acb40707641dfc9b6
- SHA256
  
  c2940152fb7ce47fe5e2b0ffe359740900f97f297210e18661765981d971b0f2
- SHA512
  
  e92811a381b04bd5e14beda06e6efb1057c4de49d57d1bfd3dc5c73635f712f115dbd264a5ab70020b1bbb440d02d0a41f9aa95078d351d2f6be41d4cfe5633f
- SSDEEP
  
  49152:tuIlK6ofs2hPd2l177BTK2VbDsar1YDjh:tj4fs2hPIl1/+
Score

9^/10

upx persistence
- UPX dump on OEP (original entry point)
- Modifies AppInit DLL entries
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy