d53de10f91c33b124077ff27f6b48f656e2942b45915e5c32ee3f7442290794e | Triage

Submit
Reports

Overview

overview

Static

static

2024-04-22...ia.exe

windows7-x64

9

2024-04-22...ia.exe

windows10-2004-x64

9

Sharing

General

Target

2024-04-22_d200cd10522496900e9c33283157c1f9_floxif_mafia
Size

19.5MB
Sample

240422-ydm8bafc53
MD5

d200cd10522496900e9c33283157c1f9
SHA1

36b6b3c56c90999eebc5555ca52282c3b8fd9415
SHA256

d53de10f91c33b124077ff27f6b48f656e2942b45915e5c32ee3f7442290794e
SHA512

d63317200f74db4f8add8b0d3d6ed7dcfc09c5f1df6918a3a321d3bc483e35031a087ec1a16c2d0b95e1ec2d0f9bf27e31867b0a4a977a94299dbe120e8b89f0
SSDEEP

393216:XfDjcL3ozX1Nv718NNGj7JfVfT/piEPBACEfTjcL3HzX1Nv718NNGj7JfVfT/piu:bjcL0mNIj9W8BANjcLvmNIj9Wu

Score

10^/10

cryptone packer persistence upx

Static task

static1

cryptone packer

4 signatures

Behavioral task

behavioral1

Sample

2024-04-22_d200cd10522496900e9c33283157c1f9_floxif_mafia.exe

Resource

win7-20240221-en

persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-22_d200cd10522496900e9c33283157c1f9_floxif_mafia.exe

Resource

win10v2004-20240226-en

persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-22_d200cd10522496900e9c33283157c1f9_floxif_mafia
- Size
  
  19.5MB
- MD5
  
  d200cd10522496900e9c33283157c1f9
- SHA1
  
  36b6b3c56c90999eebc5555ca52282c3b8fd9415
- SHA256
  
  d53de10f91c33b124077ff27f6b48f656e2942b45915e5c32ee3f7442290794e
- SHA512
  
  d63317200f74db4f8add8b0d3d6ed7dcfc09c5f1df6918a3a321d3bc483e35031a087ec1a16c2d0b95e1ec2d0f9bf27e31867b0a4a977a94299dbe120e8b89f0
- SSDEEP
  
  393216:XfDjcL3ozX1Nv718NNGj7JfVfT/piEPBACEfTjcL3HzX1Nv718NNGj7JfVfT/piu:bjcL0mNIj9W8BANjcLvmNIj9Wu
Score

9^/10

persistence upx
- Detects executables packed with Enigma
- UPX dump on OEP (original entry point)
- Modifies AppInit DLL entries
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy