General
-
Target
ebd20c07e8466ff3c8c8ce92214f59795a95833a8a4696956d6a10c735139d0a
-
Size
5.8MB
-
Sample
240730-ef4tasycla
-
MD5
a641556c642a26067bc5d8e657ecade7
-
SHA1
0cc80d546db86d3146a12cdad00e72ebb8ffd30c
-
SHA256
ebd20c07e8466ff3c8c8ce92214f59795a95833a8a4696956d6a10c735139d0a
-
SHA512
701059e5577b103bcff2d6f436cafd57cde99eb9e9f917918a2bd366907a7d5dffe16f071f5cfbea5b437916db6cc3f8ebc6011af35cb140966f10899f3bbfc2
-
SSDEEP
98304:ZGV1fA265P+YQZvE8P4mX18frP3wbzWFimaI7dlo0:IH65P+tMawgbzWFimaI7dlb
Static task
static1
Behavioral task
behavioral1
Sample
ebd20c07e8466ff3c8c8ce92214f59795a95833a8a4696956d6a10c735139d0a.exe
Resource
win7-20240708-en
Malware Config
Targets
-
-
Target
ebd20c07e8466ff3c8c8ce92214f59795a95833a8a4696956d6a10c735139d0a
-
Size
5.8MB
-
MD5
a641556c642a26067bc5d8e657ecade7
-
SHA1
0cc80d546db86d3146a12cdad00e72ebb8ffd30c
-
SHA256
ebd20c07e8466ff3c8c8ce92214f59795a95833a8a4696956d6a10c735139d0a
-
SHA512
701059e5577b103bcff2d6f436cafd57cde99eb9e9f917918a2bd366907a7d5dffe16f071f5cfbea5b437916db6cc3f8ebc6011af35cb140966f10899f3bbfc2
-
SSDEEP
98304:ZGV1fA265P+YQZvE8P4mX18frP3wbzWFimaI7dlo0:IH65P+tMawgbzWFimaI7dlb
-
Detects Floxif payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1