General

  • Target

    2024-06-18_dcc13fa2f0072cef2e9057eebe01aec3_floxif_mafia

  • Size

    3.9MB

  • Sample

    240618-t7j1jawbpm

  • MD5

    dcc13fa2f0072cef2e9057eebe01aec3

  • SHA1

    602b13bdf791b24b333efbbfc5455f1dd3a9cdc3

  • SHA256

    6b79a0c11edc361b7efb6721dc9bd4aa0fa24d68b2a14b9dbacba849ae39408d

  • SHA512

    9cb8f60e06b5dee4c475dbcc4056a593a4952b4f6aab65843967b8d46196ac164ac91538e02771a4180c660fc55dd047c1208eb988c50a2ac145b0c6241a96b1

  • SSDEEP

    98304:1g+ESjoa9kZ6DRwcEtzCyQWuKglLgEQ/PF9rj+De0nzQUyH:1g+ESJ9k6bOuTgzF9rj+DoUM

Malware Config

Targets

    • UPX dump on OEP (original entry point)

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic               | Technique                       | ID         | Hits
  ---------------------|---------------------------------|------------|-----
  Persistence          | Event Triggered Execution       | T1546      | 1
  Persistence          | AppInit DLLs                    | T1546.010  | 1
  Privilege Escalation | Event Triggered Execution       | T1546      | 1
  Privilege Escalation | AppInit DLLs                    | T1546.010  | 1
  Discovery            | Query Registry                  | T1012      | 1
  Discovery            | Peripheral Device Discovery     | T1120      | 1
  Discovery            | System Information Discovery    | T1082      | 2

Tasks