General

Target: f360ee9b5ac039cf084dc88e18093a23edd1ae3e94da99b7594a594d90ce59fb
Size: 1.6MB
Sample: 240730-esx7aaydkf
MD5: 92e17df0c84acc4195ae7a0de22219c3
SHA1: 1632b9e87d9cf820d8c52d0d820d524447c7b1dd
SHA256: f360ee9b5ac039cf084dc88e18093a23edd1ae3e94da99b7594a594d90ce59fb
SHA512: a2dc8303145f1079f6c957d31ac56590cee0f145d5a0e67e3c68d98b354b1ce0d269b2067a66454684beecd14ba134bfa00a82c3bb2aa221cc745979bda6070a
SSDEEP: 24576:b3xCQTCx+0YXZKmNlaDLar12Gr1+HBF19TaJB5W520Hz7UgvvQPA8rEH7f:rxduQomDTUL19TkBIg0Hz7N4Pe
Static task: static1

Behavioral task: behavioral1
Sample: f360ee9b5ac039cf084dc88e18093a23edd1ae3e94da99b7594a594d90ce59fb.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: f360ee9b5ac039cf084dc88e18093a23edd1ae3e94da99b7594a594d90ce59fb.exe
Resource: win10v2004-20240709-en
Malware Config

Targets

Target: f360ee9b5ac039cf084dc88e18093a23edd1ae3e94da99b7594a594d90ce59fb
Size: 1.6MB
MD5: 92e17df0c84acc4195ae7a0de22219c3
SHA1: 1632b9e87d9cf820d8c52d0d820d524447c7b1dd
SHA256: f360ee9b5ac039cf084dc88e18093a23edd1ae3e94da99b7594a594d90ce59fb
SHA512: a2dc8303145f1079f6c957d31ac56590cee0f145d5a0e67e3c68d98b354b1ce0d269b2067a66454684beecd14ba134bfa00a82c3bb2aa221cc745979bda6070a
SSDEEP: 24576:b3xCQTCx+0YXZKmNlaDLar12Gr1+HBF19TaJB5W520Hz7UgvvQPA8rEH7f:rxduQomDTUL19TkBIg0Hz7N4Pe
Signatures

- Detects Floxif payload
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. The DLLs listed under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (and the Wow6432Node equivalent for 32-bit processes) are loaded into every process that loads user32.dll while LoadAppInit_DLLs is set to 1. On Windows 8 and later the mechanism is ignored while Secure Boot is enabled, so a populated key proves intent, not that injection succeeded.
- ACProtect 1.3x - 1.4x DLL software
  Detects a file protected with the ACProtect packer.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system. A bootkit typically replaces the 440-byte boot code while leaving the partition table and the 0x55AA boot signature intact so the machine still boots, which is the pattern to look for when comparing a disk image against a known-good sector.
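Two of the signatures above, the AppInit DLLs persistence and the MBR write, are the ones an analyst would want to confirm on an affected host from collected artifacts rather than from the sandbox verdict alone. The following Python is an added example written for this page; it is not part of the sandbox report and not code from the sample. It parses an exported .reg fragment of the AppInit key to decide whether injection is armed (LoadAppInit_DLLs == 1 and a non-empty DLL list), and parses 512-byte MBR images to report which regions a write touched. The .reg text, the DLL path example_hooked.dll and both MBR images are constructed test data, not values observed from this sample. Keep the Secure Boot caveat in mind when interpreting the AppInit result.

```python
"""Offline triage helpers for AppInit_DLLs persistence and MBR tampering.
Added example for this report; all inputs below are constructed, not real."""
import hashlib
import re
import struct

APPINIT_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: raw_value_text}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            keys[current][name.strip('"')] = value
    return keys


def _decode_value(raw):
    """Decode the two .reg value encodings this check needs: dword and string."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return raw  # hex:/expand-string values are left undecoded


def appinit_status(reg_text):
    """Return [(key, armed, dll_list)] for each AppInit key in the export.
    armed is True only when LoadAppInit_DLLs == 1 and AppInit_DLLs is non-empty;
    the value is a space- or comma-separated list of DLL paths."""
    results = []
    keys = parse_reg_export(reg_text)
    for key in APPINIT_KEYS:
        values = keys.get(key)
        if values is None:
            continue
        load = _decode_value(values.get("LoadAppInit_DLLs", "dword:00000000"))
        dlls = _decode_value(values.get("AppInit_DLLs", '""'))
        dll_list = [d for d in re.split(r"[ ,]+", dlls) if d]
        results.append((key, load == 1 and bool(dll_list), dll_list))
    return results


MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
PART_ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_mbr(sector):
    """Parse one 512-byte MBR into boot-code hash, disk signature, partition table."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(PART_ENTRY, sector, 446 + 16 * i)
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "partitions": parts,
    }


def mbr_changed(before, after):
    """Diff two MBR images region by region. Boot code replaced with the
    partition table and 0x55AA signature preserved is the bootkit pattern."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "bootcode": b["bootcode_sha256"] != a["bootcode_sha256"],
        "disk_signature": b["disk_signature"] != a["disk_signature"],
        "partition_table": b["partitions"] != a["partitions"],
        "boot_signature_intact": a["valid_signature"],
    }


# Constructed .reg fragment (hypothetical DLL path): armed on the native key only.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\example_hooked.dll"
"LoadAppInit_DLLs"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000
'''


def _build_mbr(bootcode_fill, disk_sig=0x1234ABCD):
    """Synthetic MBR with one bootable NTFS partition (constructed test data)."""
    sector = bytearray(MBR_SIZE)
    sector[:440] = bytes([bootcode_fill]) * 440
    struct.pack_into("<I", sector, 440, disk_sig)
    struct.pack_into(PART_ENTRY, sector, 446, 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


CLEAN_MBR = _build_mbr(0x90)     # NOP-filled stand-in for legitimate boot code
INFECTED_MBR = _build_mbr(0xEB)  # boot code replaced, partition table untouched

if __name__ == "__main__":
    for key, armed, dlls in appinit_status(SAMPLE_REG):
        print(f"{key}: armed={armed} dlls={dlls}")
    print(mbr_changed(CLEAN_MBR, INFECTED_MBR))
```

On a live Windows host the .reg text comes from `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" appinit.reg`, and the MBR image from the first 512 bytes of the physical disk captured before and after the sample ran (or against a gold image). A bootcode-only difference with an intact partition table and signature is the case worth escalating; a changed disk signature alone is more often a repartitioning or imaging artifact.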