ffbdf0cd078a2e6374d64ba3bc80b3560eb6334b9df098fb59047763090efb6a | Triage

Submit
Reports

Overview

overview

9

Static

static

3

ffbdf0cd07...6a.exe

windows7-x64

9

ffbdf0cd07...6a.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

ffbdf0cd078a2e6374d64ba3bc80b3560eb6334b9df098fb59047763090efb6a
Size

10.8MB
Sample

240625-llvadaverl
MD5

f9e85df909ad324b68643e14abd50d71
SHA1

d519ffb701d460de3fb77f31d96c05e0b6ae1195
SHA256

ffbdf0cd078a2e6374d64ba3bc80b3560eb6334b9df098fb59047763090efb6a
SHA512

6fea830b09295fa9a90592aa740cc3a1fbecfd5cb21c9cc660f64a3cb8161b38f74e6b60772a20d6b1b17cd3cd671a10849d4d4391908b8972c1de802a54fd0c
SSDEEP

196608:OZzrENt07+s5HLwe3dRh8VCrbmB26mMD+cpvJ/4H3nmghWoa/fsysMF4JD85lvku:OZVzpbmklMFgXnU7sElvy

Score

9^/10

evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ffbdf0cd078a2e6374d64ba3bc80b3560eb6334b9df098fb59047763090efb6a.exe

Resource

win7-20240508-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ffbdf0cd078a2e6374d64ba3bc80b3560eb6334b9df098fb59047763090efb6a.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  ffbdf0cd078a2e6374d64ba3bc80b3560eb6334b9df098fb59047763090efb6a
- Size
  
  10.8MB
- MD5
  
  f9e85df909ad324b68643e14abd50d71
- SHA1
  
  d519ffb701d460de3fb77f31d96c05e0b6ae1195
- SHA256
  
  ffbdf0cd078a2e6374d64ba3bc80b3560eb6334b9df098fb59047763090efb6a
- SHA512
  
  6fea830b09295fa9a90592aa740cc3a1fbecfd5cb21c9cc660f64a3cb8161b38f74e6b60772a20d6b1b17cd3cd671a10849d4d4391908b8972c1de802a54fd0c
- SSDEEP
  
  196608:OZzrENt07+s5HLwe3dRh8VCrbmB26mMD+cpvJ/4H3nmghWoa/fsysMF4JD85lvku:OZVzpbmklMFgXnU7sElvy
Score

9^/10

evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy