General

  • Target

    2024-06-18_b01a38528cc41cf5f5047341625f3c97_avoslocker_floxif

  • Size

    1009KB

  • Sample

    240618-t48vgs1frf

  • MD5

    b01a38528cc41cf5f5047341625f3c97

  • SHA1

    36494114d9e26c7d55a693ce12363910e5ed847a

  • SHA256

    d12aa96ad631335279b569eefd09a0e1d98203b262b42066298163590e7a1242

  • SHA512

    f715a6ae0779f23c4c266f9d528a61a436bf0066f2b97cb7f8bd8ede0a94037746dd168dfb78f61120d04b0175df38f6983b0af48bd5eb252b720ef8686a2b95

  • SSDEEP

    24576:+NbP+i829rvtMR82UumYYmyUOWmfy7NWlVeh5WKg8QT6cBrEH7l:+5++6+2UumYYmyRWmfy5WlVeOKgQcC

Malware Config

Targets

    • UPX dump on OEP (original entry point)

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Event Triggered Execution (T1546): 1

  • AppInit DLLs (T1546.010): 1

Privilege Escalation

  • Event Triggered Execution (T1546): 1

  • AppInit DLLs (T1546.010): 1

Tasks