General

  • Target

    2024-04-27_6c25357d2ac5e72bc7fb84aeb82d2857_avoslocker_cobalt-strike_floxif

  • Size

    665KB

  • Sample

    240427-asnkmafb65

  • MD5

    6c25357d2ac5e72bc7fb84aeb82d2857

  • SHA1

    0559e753029f1ee493f902b0dce4a0a2659ff09d

  • SHA256

    ac83df584887d987a77a789eab7185eafcd731cd3c5032d4d5bf663e562c4569

  • SHA512

    a680ec56f018aa5af550e3458c886286ce7f6c215181a4c9bfcf75d4d80b10bb3073372693bf4424522d986bee10a1b7fb73bd7834ac43111567825d975b6bef

  • SSDEEP

    12288:Xz+bXciafJcLln5QwnVWqqPIBONhxsU/EbBjvrEH74:XCrN90r/xsU/EhrEH74

Score
9/10

Malware Config

Targets

    • Target

      2024-04-27_6c25357d2ac5e72bc7fb84aeb82d2857_avoslocker_cobalt-strike_floxif

    • UPX dump on OEP (original entry point)

    • Modifies AppInit DLL entries

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks