General
-
Target
5db226ab1c2dcf125c25f459bd73e820N.exe
-
Size
4.4MB
-
Sample
240816-gzqrwszbra
-
MD5
5db226ab1c2dcf125c25f459bd73e820
-
SHA1
fefa6122dcb6bc5ce63ebf6bcd59205001aea0b4
-
SHA256
64d0081e8791afc533e9bbd9343a504a3e5cfc2be5c53f5ce92cc67ca8730506
-
SHA512
b8e40924a2492dcb02050202b84bc27c6ac3f036c6e9cbe7bbcba933eb484be73a8cdf574ebee49798e9fdb99d786a613ddd4b83a6bcedbd578e8434bef0b736
-
SSDEEP
49152:1lc0nugJkl/ec9mNC5Lc6qwvC7tZnw1zr2sP2sn8Azt/MPeTi93zXmnRa0d8cQ7Q:fpFw/e/Dw67Ax/7i9C/8cQ7+tMQl
Static task
static1
Behavioral task
behavioral1
Sample
5db226ab1c2dcf125c25f459bd73e820N.exe
Resource
win7-20240729-en
Malware Config
Targets
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-