General

  • Target

    2024-04-17_b482e0b4ed1daff702e9e8c71e44ef8c_floxif_mafia

  • Size

    2.5MB

  • Sample

    240417-a5gmvaae2t

  • MD5

    b482e0b4ed1daff702e9e8c71e44ef8c

  • SHA1

    abe26bbfe8f4295d1156e9e0369a1c86b254d6bb

  • SHA256

    03d17f9bd97e32137302b29fd09085a3f810f33e6c4105957bf38b43a6bc1f7b

  • SHA512

    6e0e02bc886d7b12b1287e27c058c4b966608594b2c0e04325741580faa09895812a25b82b16d36d599602698ea10bdfa6e725f8df44d1877bf828f1e4ac1fb3

  • SSDEEP

    49152:pmhcbMDOyZLi/N3iKTqOw7XYym7U4aFvsO1CThFhu7vLruwqf+tP:pmpiyZu/N3cOw7XSU4aFvsO1X7vr

Score
9/10

Targets

    • Target

      2024-04-17_b482e0b4ed1daff702e9e8c71e44ef8c_floxif_mafia

    Score
    9/10
    • UPX dump on OEP (original entry point)

      The sandbox unpacked the UPX layer at runtime and dumped the process image at its original entry point.

    • Modifies AppInit DLL entries

      Writes the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows. A DLL listed there is loaded into every process that loads user32.dll, a persistence technique catalogued as MITRE ATT&CK T1546.010 (Event Triggered Execution: AppInit DLLs).

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect commercial protector, versions 1.3x to 1.4x.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during execution.

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX build.

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive.
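Two of the signatures above, UPX packing and AppInit_DLLs persistence, are easy to re-check by hand outside the sandbox. The script below is an added example written for this page, not tria.ge's own signature code. It hashes a file against the MD5 and SHA256 listed in this report, walks a PE section table looking for the UPX0/UPX1/UPX2 section names, and parses a `.reg` export of the Windows NT\CurrentVersion\Windows key to report a populated AppInit_DLLs value. The minimal PE image and the `.reg` text it runs on are constructed here for the example; the function names are the author's choice.

```python
"""Offline triage checks for the behaviours listed in this report (added example)."""
import hashlib
import re
import struct

# Hashes copied from this report page.
REPORT_HASHES = {
    "md5": "b482e0b4ed1daff702e9e8c71e44ef8c",
    "sha256": "03d17f9bd97e32137302b29fd09085a3f810f33e6c4105957bf38b43a6bc1f7b",
}
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
APPINIT_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows NT"
    r"\\CurrentVersion\\Windows\]$",
    re.IGNORECASE,
)


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a buffer, for comparison with the report's IOCs."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes) -> bool:
    """True when the buffer hashes to the MD5 and SHA256 listed in this report."""
    h = hash_bytes(data)
    return all(h[k] == v for k, v in REPORT_HASHES.items())


def pe_section_names(data: bytes) -> list:
    """Return the section names from a PE image's section table (NUL padding stripped)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 24 > len(data):
        raise ValueError("missing PE signature")
    # COFF header follows the signature: NumberOfSections at +6, SizeOfOptionalHeader at +20.
    num_sections, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    table = pe_off + 24 + opt_size          # section table starts after the optional header
    names = []
    for i in range(num_sections):
        entry = table + 40 * i              # IMAGE_SECTION_HEADER is 40 bytes, name first
        if entry + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[entry:entry + 8].rstrip(b"\0"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Same heuristic as the 'UPX packed file' signature: stock UPX section names present.

    A modified UPX build may rename its sections, so False is not proof of an unpacked file.
    """
    try:
        return any(n in UPX_SECTION_NAMES for n in pe_section_names(data))
    except ValueError:
        return False


def build_sample_pe(section_names) -> bytes:
    """Construct a minimal, non-executable PE image with the given section names (test input)."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew -> right after DOS header
    opt = b"\x0b\x01" + b"\0" * 222                          # PE32 magic, 224-byte optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections


def appinit_findings(reg_export: str) -> list:
    """Report AppInit_DLLs entries from a .reg export of the Windows NT\\CurrentVersion\\Windows key.

    Each finding carries the key path, the DLL list and whether LoadAppInit_DLLs is set to 1
    (on 64-bit Windows the Wow6432Node key governs 32-bit processes, so both keys are checked).
    """
    findings, current = [], None
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("["):
            current = {"key": line[1:-1], "dlls": [], "load_enabled": None} if APPINIT_KEY_RE.match(line) else None
            if current:
                findings.append(current)
            continue
        m = current and re.match(r'^"(AppInit_DLLs|LoadAppInit_DLLs)"=(.*)$', line, re.IGNORECASE)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        if name == "appinit_dlls":
            # REG_SZ is quoted and backslash-escaped; entries are separated by spaces or commas.
            value = value.strip('"').replace("\\\\", "\\")
            current["dlls"] = [d for d in re.split(r"[ ,]+", value) if d]
        else:
            current["load_enabled"] = value.lower() == "dword:00000001"
    return [f for f in findings if f["dlls"]]


# Constructed .reg export for the example; the DLL path is invented and not from this report.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\ProgramData\\update.dll"
"LoadAppInit_DLLs"=dword:00000001
"""

if __name__ == "__main__":
    print("UPX sections:", is_upx_packed(build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])))
    print("AppInit findings:", appinit_findings(SAMPLE_REG_EXPORT))
```

On a live host, the `.reg` input comes from `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" out.reg` (and the Wow6432Node key on 64-bit systems); `matches_report` expects the raw bytes of the file under analysis. Secure Boot blocks AppInit DLL loading on Windows 8 and later, so a populated value is evidence of tampering but not proof the DLL actually loaded.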

MITRE ATT&CK Enterprise v15

Tasks