General
-
Target
7df0dc2f54f12fac26335242b32dfa60N.exe
-
Size
3.7MB
-
Sample
240816-flzxza1ajr
-
MD5
7df0dc2f54f12fac26335242b32dfa60
-
SHA1
bc44990ea3b33b2c48f5ef85447b70c2966fe860
-
SHA256
d43a11afe04901455f8a2b7d239482092d89dcfa7326df9a4de4ab7e71021331
-
SHA512
ee597b6d08bd5eda99c88c1f5dc8f5d36c4805df5f0c12459c67b68c460cbd3438dfe016394d42de38221430dfbe5faf5510a1e4aab09b341df1653829a7dde1
-
SSDEEP
98304:zcqvE2eJX+0ngCSSL6PmFmYrWrUj+ZtPDXU2he0psM:zcuedZgFSv1rFjQDXU2XpsM
Static task
static1
Behavioral task
behavioral1
Sample
7df0dc2f54f12fac26335242b32dfa60N.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
7df0dc2f54f12fac26335242b32dfa60N.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
7df0dc2f54f12fac26335242b32dfa60N.exe
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-