General
-
Target
3ab73eea078b1b02178fae3a40dc485ff3fbe1399ac1e86371c54de788f96a38
-
Size
1.4MB
-
Sample
240815-m1ec5steqj
-
MD5
30b7b6de71ec83b55eb6478c9647775a
-
SHA1
bbcc22032431ffe5b929d8cfa1ba9cf83af12f08
-
SHA256
3ab73eea078b1b02178fae3a40dc485ff3fbe1399ac1e86371c54de788f96a38
-
SHA512
bee026f4d331858396ba3b1a1ebbeaa29b350a29f87f8a37bd0515210545ed5b328bed84512e32c18425207c0fc2b8759fc0405f4db546f9b484c84a0876ec1f
-
SSDEEP
24576:gV8Kk/B1FBgDXZNFfZoWe0KVIC9ClKa5IrykTHhQ5NoRyftZZriXWzr6pfKuI/rs:3KY1rgXteP3Vz9oI2mhoNosVDP+fXR
Static task
static1
Behavioral task
behavioral1
Sample
3ab73eea078b1b02178fae3a40dc485ff3fbe1399ac1e86371c54de788f96a38.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3ab73eea078b1b02178fae3a40dc485ff3fbe1399ac1e86371c54de788f96a38.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
3ab73eea078b1b02178fae3a40dc485ff3fbe1399ac1e86371c54de788f96a38
-
Size
1.4MB
-
MD5
30b7b6de71ec83b55eb6478c9647775a
-
SHA1
bbcc22032431ffe5b929d8cfa1ba9cf83af12f08
-
SHA256
3ab73eea078b1b02178fae3a40dc485ff3fbe1399ac1e86371c54de788f96a38
-
SHA512
bee026f4d331858396ba3b1a1ebbeaa29b350a29f87f8a37bd0515210545ed5b328bed84512e32c18425207c0fc2b8759fc0405f4db546f9b484c84a0876ec1f
-
SSDEEP
24576:gV8Kk/B1FBgDXZNFfZoWe0KVIC9ClKa5IrykTHhQ5NoRyftZZriXWzr6pfKuI/rs:3KY1rgXteP3Vz9oI2mhoNosVDP+fXR
-
Detects Floxif payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Event Triggered Execution: Image File Execution Options Injection
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3AppInit DLLs
1Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3AppInit DLLs
1Component Object Model Hijacking
1Image File Execution Options Injection
1