Overview

overview

9

Static

static

1

2024-05-17...if.exe

windows7-x64

9

2024-05-17...if.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    2024-05-17_eb8798404094440620d2d62fc100c687_bkransomware_floxif

  • Size

    4.7MB

  • Sample

    240517-jkdvwsga7w

  • MD5

    eb8798404094440620d2d62fc100c687

  • SHA1

    a48645083621196a79286c2005d77c4fd1f1e1fb

  • SHA256

    147fbc45cf6f9be8d693fc2673d12ccd039e1c5c8b947be211bc456300472afd

  • SHA512

    d9679535a76ae4d7371f8171aefae9ee0799fe7b57ca5697f8b2db1eded1efba344f9a60e4506e1be0fad020a034d757be630e7fc99194ed06e99f76e961bb33

  • SSDEEP

    98304:kBe4Il9dRPenSX5gSoC30DHDB1dE46V3u/D:hfNenq38L/D

Score
9/10
persistenceupx

Malware Config

Targets

    • Target

      2024-05-17_eb8798404094440620d2d62fc100c687_bkransomware_floxif

    • Size

      4.7MB

    • MD5

      eb8798404094440620d2d62fc100c687

    • SHA1

      a48645083621196a79286c2005d77c4fd1f1e1fb

    • SHA256

      147fbc45cf6f9be8d693fc2673d12ccd039e1c5c8b947be211bc456300472afd

    • SHA512

      d9679535a76ae4d7371f8171aefae9ee0799fe7b57ca5697f8b2db1eded1efba344f9a60e4506e1be0fad020a034d757be630e7fc99194ed06e99f76e961bb33

    • SSDEEP

      98304:kBe4Il9dRPenSX5gSoC30DHDB1dE46V3u/D:hfNenq38L/D

    Score
    9/10
    upxpersistence

    • UPX dump on OEP (original entry point)

    • Modifies AppInit DLL entries

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks