90c069f975f125e308ec1da2e0789da2e963d277186e5ace1348f77aba445650

Resubmissions

09-08-2024 17:15

240809-vsxthsxbkh 7

09-08-2024 17:06

240809-vmkxrstamj 8

Sharing

Copy URL

Twitter E-mail

General

Target

FluxTeam.zip
Size

34.3MB
Sample

240809-vmkxrstamj
MD5

eaa845a8cabd9e13151786580b122e99
SHA1

460d005a4cac062a86552977ff6b7bb2f95c02e2
SHA256

90c069f975f125e308ec1da2e0789da2e963d277186e5ace1348f77aba445650
SHA512

c5a39b3b4b1462e537a811738438a3397005da0620e56474165246ead33c0663c571a3f35ad632f79baa62ed2bf54ffb08ebf53d8a48d269339c7e6c2fb5d007
SSDEEP

786432:CjyaAFZvok3gA/rbFy0Uf0dmAPNoDAyD8nJ3dnXqEOHsy/TZ:C2a+ZvosgA/Ny0Uz0oDAC8RdIHfrZ

Score

8^/10

Malware Config

Targets

- Target
  
  FluxTeam.zip
- Size
  
  34.3MB
- MD5
  
  eaa845a8cabd9e13151786580b122e99
- SHA1
  
  460d005a4cac062a86552977ff6b7bb2f95c02e2
- SHA256
  
  90c069f975f125e308ec1da2e0789da2e963d277186e5ace1348f77aba445650
- SHA512
  
  c5a39b3b4b1462e537a811738438a3397005da0620e56474165246ead33c0663c571a3f35ad632f79baa62ed2bf54ffb08ebf53d8a48d269339c7e6c2fb5d007
- SSDEEP
  
  786432:CjyaAFZvok3gA/rbFy0Uf0dmAPNoDAyD8nJ3dnXqEOHsy/TZ:C2a+ZvosgA/Ny0Uz0oDAC8RdIHfrZ
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  FluxTeam/Monaco/vs/base/worker/workerMain.js
- Size
  
  149KB
- MD5
  
  27ead90c7702154755785e0e53398755
- SHA1
  
  86b59485fe6f6ccb1805183fa75062a2ac1c859e
- SHA256
  
  bdf9433692a08851e13dd58504eef19f51bd2ec7241923a68edf5772e0e53af5
- SHA512
  
  6829681575179c90bb7817b17feee60e7d44d8abb15264ab39d7f0edf95dd1d030b99c12b005c753cd786c26ce6f17ff09b058c16f3363596f785e386ef78e82
- SSDEEP
  
  1536:XNSxrkwnz+dTHHfvYYdBwDZ2Ogvh52xgh2hQXIvTBaB7hU74Yc6aphU1PblosJEl:XzdTagJkb+6jFlJJEt9yjjTCD2zw
Score

3^/10

execution
behavioral2
- Target
  
  FluxTeam/Monaco/vs/basic-languages/bat/bat.js
- Size
  
  2KB
- MD5
  
  4cb475399c4490eea41982dcd6d9653e
- SHA1
  
  fc97d57206ff7fa1c89ff0fc9f6e2f04a20ea185
- SHA256
  
  9bca42394fe8922fec24b768eeb8ce04692de6fad82f9052d5b7e70f5c6b0f40
- SHA512
  
  27eefe83cf38a7d784414d99b472f6fcd7e595691eb0f368254ba1f71aaf702840b62bf232c30c515a8fada234699fefeef496c0c24669cc158cb567227e4783
Score

3^/10

execution
behavioral3
- Target
  
  FluxTeam/Monaco/vs/basic-languages/coffee/coffee.js
- Size
  
  3KB
- MD5
  
  9d0c4ac1691eed0a480c3e9246490d29
- SHA1
  
  38258864fd070c35cec6b68715d58771df9fe3e1
- SHA256
  
  e706c9f8e5c5a0cb01b2f4e4879ec34a050d6eb2a8840284eb7badd9d78099f9
- SHA512
  
  437a703607a9f0cb96ffb56312d149b95f596290591d14098c36d978b2e1fdba3c3712c9099923bc0a709c5c0ebd7eea868f63dfbcc69cdf5a9325b8a67006b6
Score

3^/10

execution
behavioral4
- Target
  
  FluxTeam/Monaco/vs/basic-languages/cpp/cpp.js
- Size
  
  5KB
- MD5
  
  0a16509e6cd0155fb622e785cfe976c7
- SHA1
  
  7afa7f823191c43d7a4bdd7d91577495de62c21a
- SHA256
  
  a7c2bea7ca3d9e203a3a286735945fe010c8f4f8d46620386ee8befc6a78b32b
- SHA512
  
  2cbc48cb10c467561c6a84f59405e9c2f864640b3a21e6fe5cd14ad1a7ca5667b766b3c0511df26f28205dd17338a878bd1164a4f5875235a73214f3e4aeb49d
- SSDEEP
  
  96:hFDMgRs/rbV1+gqVV1+/LVb9ZRC2seM6jjz13MwVcEghhb6Yw76wGcmvRBNIs:hZGrTOcVv5M61h8hSeiYL
Score

3^/10

execution
behavioral5
- Target
  
  FluxTeam/Monaco/vs/basic-languages/csharp/csharp.js
- Size
  
  4KB
- MD5
  
  f8f841d13c9220e15dcd6bc386b37ba2
- SHA1
  
  2b8b7003820d19ed83afde98c845db5e3d5753f8
- SHA256
  
  6b3be9a86ee8e3202f51745d94d24cc1eefbcf7d9e6d94fbaf70146b084e835f
- SHA512
  
  0b167865b8d7847792c80144e83bdf33655db6ecc0934bb3290f8b5793fee8168aeaf9d74b3541a9424c4f180aad496c2d8710e3847a5bf9d4b2c960ddea4ae5
- SSDEEP
  
  96:hFDMgRsVx+rbV1+gqGV1+hmQuq1cBh8b7gj8/pLxb6J994wGcKU7dYIkI:hZi+rTtPsRXpw9SiKUJGI
Score

3^/10

execution
behavioral6
- Target
  
  FluxTeam/Monaco/vs/basic-languages/csp/csp.js
- Size
  
  1KB
- MD5
  
  22ada25d590811dcff4e5f5d698e583b
- SHA1
  
  c43d4846967d5037ef05b102e49d1fbc54e45fbc
- SHA256
  
  4b5a5d7d50986b86b00833447e097c0f01a4388ce1765b48e7e371d06e3a4789
- SHA512
  
  c8373ea0b78114f82e8bf027473f72ada0d8acd51623152a0072111d8b3b7d5ac310a1cc510c4e4cd2e97a7686db3c87b2da675fc910898bd11108e4b50ed189
Score

3^/10

execution
behavioral7
- Target
  
  FluxTeam/Monaco/vs/basic-languages/css/css.js
- Size
  
  4KB
- MD5
  
  49ad30f1151cfd7a74677fdc6dd13da9
- SHA1
  
  286d47f0a4cfa26da2e4d1f1317a8c87000bb5fc
- SHA256
  
  bd331fd3bd2c37b0c3150035325f163ac9266bf6d942310764815e676d856d91
- SHA512
  
  7337706bfd5bd54938da0fba35e97f8e5780491c04b58d43fc6d905bd2dca92897f1ed8d48e42665f166da7684cc6e29a63ae73f8d3779a9feb97c397a642f0d
- SSDEEP
  
  96:hFDMgRsozIq+q17qcq6V1+/aMj1cqTroIrqjKf8O3lzXY0Jc:hZzzv9VmjoOf8O39XbJc
Score

3^/10

execution
behavioral8
- Target
  
  FluxTeam/Monaco/vs/basic-languages/dockerfile/dockerfile.js
- Size
  
  2KB
- MD5
  
  e32de981bdaf75e6ffb8fe40bc955a68
- SHA1
  
  bef1af7b26ea01c987c7a6295bb7192d83a32068
- SHA256
  
  65b86fc54e9b35d6cb84f01dfb905680dbcad6605757de1d6bca84e3029889af
- SHA512
  
  a3eadd8c1389dff6c2c6e595efff69be3a573d01e4e16b8e4a8b28f63e4c48c9c439b5dd93666d81d703d1c6b5bf927cc8e47d04af270128095f0d579407c2f4
Score

3^/10

execution
behavioral9
- Target
  
  FluxTeam/Monaco/vs/basic-languages/fsharp/fsharp.js
- Size
  
  3KB
- MD5
  
  de122b3bc44a8714f386dc80282dcb12
- SHA1
  
  06888a9b616993e9af9797cec64c6d419065f2cb
- SHA256
  
  1390079babc117d3f376735780d98f409f317eb4628d17106642c6933ea1da7f
- SHA512
  
  ab48f2e5bfa6ea0024530141bb5d35b9090ee0254a3e8f8b86fa36cc8c2fca8000a3caafcfffc1d83e21c488e1f1990c91f537290b54fbbca1d3c7be090dfba5
Score

3^/10

execution
behavioral10
- Target
  
  FluxTeam/Monaco/vs/basic-languages/go/go.js
- Size
  
  2KB
- MD5
  
  5b4484c914cd97aff4510b803f2517ef
- SHA1
  
  8f275ac36c57c4c464e30f92f525ffbd0fd436c6
- SHA256
  
  46d1757c3cd3dbc3c7b465a338880144922a1c34c30e36f06ff2db8c2ff75b86
- SHA512
  
  b34c64f9997f4b72760eca270d2a0c2e22d83467d3f0bc82e7c0e63d62d8f9d74a144a28d676a223cdefef417af723801ac0535375d0dd64bb3a81e87617fed0
Score

3^/10

execution
behavioral11
- Target
  
  FluxTeam/Monaco/vs/basic-languages/handlebars/handlebars.js
- Size
  
  6KB
- MD5
  
  3ca7cf83292b56444548f2914c0e1811
- SHA1
  
  4be5b1adaa187d82a94967e6960d811acd700b93
- SHA256
  
  31d25588d120e7c79f3332ff3b3c794cebd0554c7578e3bb37b3cac366e4f6c2
- SHA512
  
  2d337b64def0d42f8bd6476cf31e806f67f77d26c95c68e75574fc310f7974852a810f8b197238559a2cb20d07914de5844481477321cdcb2c68c47da9088eb8
- SSDEEP
  
  96:hFDMgRspITV1+/I/+B1BerJzlWK2BZwIBTIwbcdg6EHpf4Og6E8S6g6EB+FpAjE3:hZhbYbQRld2BZ1O0p4OE60+dMZLDs
Score

3^/10

execution
behavioral12
- Target
  
  FluxTeam/Monaco/vs/basic-languages/html/html.js
- Size
  
  4KB
- MD5
  
  630fa41f59a189aed68b4db82559de95
- SHA1
  
  14a527d27240ba0effcfa43a5c46b9289e96b822
- SHA256
  
  c717ac0701d3b1e22dc52a0c53608214297e5fab7bc7011cf4e964f2eca9d62f
- SHA512
  
  e15c602788f13afd1e19e5f82de7a35eb9656950553bc3913205ba3e70ddf87199b7f9b358db7b7704efd3dc85029ad277692b6b84f5f549964b9dd7cce1ad60
- SSDEEP
  
  96:hFDMgRsfInV1+/6mQVV1+HBwBRl0GSytHd6EHaK4T6Ef6EByyEhcKMgEQEJWf:hZLP+4+GLl0GSytHLaK4ccKM2
Score

3^/10

execution
behavioral13
- Target
  
  FluxTeam/Monaco/vs/basic-languages/ini/ini.js
- Size
  
  1KB
- MD5
  
  b9252b74381fe17565d494711f4c9093
- SHA1
  
  9ed6a00a166c0b5abdbb3ea45fa7df3a5defc8ee
- SHA256
  
  1f0feeae58c32f6e1f31b78f7e2aab3c91da387e464234c0f55ebff0e77444a2
- SHA512
  
  2fe594de8ac3444223edc011cbd7f08a6f8ab2de2bf56919c2d6f1208e22391652d14549c3822c21c4999139ffce711fdbf00725e95aa01068bf5f223c3b8710
Score

3^/10

execution
behavioral14
- Target
  
  FluxTeam/Monaco/vs/basic-languages/java/java.js
- Size
  
  3KB
- MD5
  
  826546e08f178d68e8aa2ab29194c03a
- SHA1
  
  444ed723cadc4231f2dce5c54597fa8558893d12
- SHA256
  
  44be702cae05d5844dc1c452f9bd94020007b9e543a765db4e6649278607d218
- SHA512
  
  8edb46eefaa3277374ba5dc656423115735573a57e82002745ce6112f666079d6ab7d9b5a79ed208ff51487e9ec2b757c45ec1b3c8119d8cbcd4f7cd30347ef9
Score

3^/10

execution
behavioral15
- Target
  
  FluxTeam/Monaco/vs/basic-languages/less/less.js
- Size
  
  4KB
- MD5
  
  696ef3dca27b4f9313deba6f99710154
- SHA1
  
  d3b377cae3355c3facbecc85bb342d4af34436ca
- SHA256
  
  ed8d1a9da4e62d1cffe4c83580c9df57d688e850a45ace72c11bdeb064520a16
- SHA512
  
  f9f65f8730fac803cb01d127c467359f428dbcc8e368f40a15fd56b7150b2258e9c581c3a35712ccc2fcde8a7108c89a33b80cb72721fea663a11a553657dc29
- SSDEEP
  
  96:hFDMgRsR6rMq+q17qcq6V1+/v+ufj1cCzBbu/2nOgeJamEulIHrraW4NUa:hZE6rr9PuhlzBbu4OLaDuKqW4NUa
Score

3^/10

execution
behavioral16
- Target
  
  FluxTeam/Monaco/vs/basic-languages/lua/lua.js
- Size
  
  5KB
- MD5
  
  8706d861294e09a1f2f7e63d19e5fcb7
- SHA1
  
  fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23
- SHA256
  
  fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42
- SHA512
  
  1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f
- SSDEEP
  
  96:SD3yDUfRD5dyVdO29SvE/TMCL8CvcOAtOfxSVkxMZlMfE:nD4Ldyn7Ss/TMmUtOfxhxjE
Score

3^/10

execution
behavioral17
- Target
  
  FluxTeam/Monaco/vs/basic-languages/markdown/markdown.js
- Size
  
  3KB
- MD5
  
  caf4799639d5df40dfb1b979ed68af9c
- SHA1
  
  6578ccc5111ddc190c354449be2630d91a21523b
- SHA256
  
  eaaf453e0a9f9a604547e564a24e682503189cb9b85c87715bc9b5b6492b6f62
- SHA512
  
  e787f3f849a40c608c3b35b732f16e4400c2d47e89ff309566afbc879fe37a7018722b959dc8ddc8c859d76e2f7bc0b85555cd27f7fc5e4d8e51e460ed32c9ca
Score

3^/10

execution
behavioral18
- Target
  
  FluxTeam/Monaco/vs/basic-languages/msdax/msdax.js
- Size
  
  5KB
- MD5
  
  eaa7bff8662633aec211d57fd17cb8ce
- SHA1
  
  3d783a13339a5797fa701165484bbdb70ffc0616
- SHA256
  
  6ab13356e083c4334e93d3167bdd17d02552508bfd11ea044c880af3a1dd94f9
- SHA512
  
  b3c5069dd3b8b56c0c945cd36909e2d7b575d3b804714b724b7f80bf03de1983a29e33dce050ff599017ece4ce22dce1f01bddda7ae2d41b25779455b96f4c00
- SSDEEP
  
  96:hFDMgRsHrviqgq+q17qU/E18Qby0qbmofEsl93Bjy2rzR9sJDJOuz3O+PYLq+v6I:hZmrTY8Ey0UJfEI9z+zz3O+PYLZy4axE
Score

3^/10

execution
behavioral19
- Target
  
  FluxTeam/Monaco/vs/basic-languages/mysql/mysql.js
- Size
  
  14KB
- MD5
  
  6482b3f16ca4f1436d5a5c9b54ab8956
- SHA1
  
  bec1d967c0db6ca73cde65debd418f3e2c4db36c
- SHA256
  
  7ba586bf9c623dc23f27a46e95a22342caa1f42d3b19fd9c018eb3b7298206dd
- SHA512
  
  24b0dcb75254f4d69209d42bed81730c7c9ccac2230047a8fe46c81dab5a65618ce59be1b09100a1a2e42c515ea2a923a9c7084280bc567b2a6ee987cfb11039
- SSDEEP
  
  384:hALxoDo1S36rNh/xkxnethQZZ62lANnY0k7N6AVzIAtSc2F9/0yW:SLxoDo1e4Nh/xNthQZZgNn67N6AVzIAp
Score

3^/10

execution
behavioral20
- Target
  
  FluxTeam/Monaco/vs/editor/contrib/suggest/media/String_16x.svg
- Size
  
  4KB
- MD5
  
  48e754cb54c78a85dcc9aaea9a27847e
- SHA1
  
  8d79b23037deb6586e4954305dcb4caee14afbd2
- SHA256
  
  d1aa361f33564e8f9d527a01a66c7ce35d73f23417432e80ddf51f562770ee79
- SHA512
  
  f6d902b5c73b59636cb71d4019ff45cb77532bf22aab28a8314697e24a62163a94140c97495ad5ce421c09c26e4bcbfe5a815eae27e945c51ccd80c2ba9c3a77
- SSDEEP
  
  48:CnN6wkEX+c9Vlt4AFCj93Z0hDC7hSBnukNyhDFtrJGuG2XvS+yZCahDC7hSBnhKm:zJWFCMcfkCFGE6+yZCacJImkArbbqrAm
Score

3^/10

discovery
behavioral21
- Target
  
  FluxTeam/Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
- Size
  
  4KB
- MD5
  
  6e5c0ce7ec09969f07ea6ee078ef8ad6
- SHA1
  
  deadc5357a26852d872bffa77d1aa19108603b25
- SHA256
  
  7d23c0f30cb9c05c81bb15785a3299772ae3cfbe51f3e04895aa1f23ffbeba5b
- SHA512
  
  2b02cb82f9e4720ee43bfc8b7fe5d6de38228329aafbedb589d5a219057c15f073023deca3c1ca5b65cea4a4f0d863ebd88c889b1d67119639fae2ce180863bf
- SSDEEP
  
  48:Cn7wkEX+c9Vlt4AFCj93Z0hDC7hSBnukNyhDFtrJGuG2XvS+yZCahDC7hSBnhKHG:EJWFCMcfkCFGE6+yZCacJImkArbbqrAm
Score

3^/10

discovery
behavioral22
- Target
  
  FluxTeam/Monaco/vs/editor/editor.main.css
- Size
  
  171KB
- MD5
  
  233217455a3ef3604bf4942024b94f98
- SHA1
  
  95cd3ce46f4ca65708ec25d59dddbfa3fc44e143
- SHA256
  
  2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701
- SHA512
  
  6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455
- SSDEEP
  
  1536:ZxP4PUPVP0PAPeMi76Q4TVq5bbhLynlDTkDatDF8Jmmvgs0aMJkn:p2bIRkDSYmmvgs0aMJK
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral23
- Target
  
  FluxTeam/Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
- Size
  
  20KB
- MD5
  
  649fb0a55b0e0fc9d79e6b7872a14c10
- SHA1
  
  b33619c9dfd65d3f2e5a5fcb767a752123d51607
- SHA256
  
  fcc3026b97068f3d9e1743d36ca26b96ffdbcd2841fa9d804caccc4f249911c8
- SHA512
  
  3fb4b07e9313b69c84f887c9ca0464e4c8d06a98a8f2ad7d0b48452d068bd526004c21633d0279b4b5e17ad882acf8c7e99b4c3e7650be43b495b670a87d0cbd
- SSDEEP
  
  384:cyPJZCcKWPJuCNoSmvcar1PNY6g2HdSjEc3/WD3:DCdCNkvcaQ6x9SjES/W7
Score

3^/10

discovery
behavioral24
- Target
  
  FluxTeam/workspace/.tests/appendfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral25
- Target
  
  FluxTeam/workspace/.tests/getcustomasset.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral26
- Target
  
  FluxTeam/workspace/.tests/isfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral27
- Target
  
  FluxTeam/workspace/.tests/listfiles/test_1.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral28
- Target
  
  FluxTeam/workspace/.tests/listfiles/test_2.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral29
- Target
  
  FluxTeam/workspace/.tests/readfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral30
- Target
  
  FluxTeam/workspace/.tests/writefile
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral31
- Target
  
  FluxTeam/workspace/.tests/writefile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Checks system information in the registry

Drops file in System32 directory

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32