General
-
Target
e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d
-
Size
1.4MB
-
Sample
240816-hfkbfavcrl
-
MD5
00397c76510575ad27ad9131b2bff688
-
SHA1
a6356908f11c54951fa72447a807459533de45d0
-
SHA256
e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d
-
SHA512
03425756997968e6d1998acd7ea23a1d3c9efd9fac8da9d2e34e934639512df676cf0f3847707dcbd2c9c19bee385c60ff58d68886424ca4f57b40de66c902dd
-
SSDEEP
24576:X8KH/B1FBgDXZNFfZoWe0KVIC9ClKa5IrykTHhQ5NoRyftZZriXWzr6pfKuIfrE2:sK51rgXteP3Vz9oI2mhoNosVDP+fX+
Static task
static1
Behavioral task
behavioral1
Sample
e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d
-
Size
1.4MB
-
MD5
00397c76510575ad27ad9131b2bff688
-
SHA1
a6356908f11c54951fa72447a807459533de45d0
-
SHA256
e92b69e4a4bb0f27803f07800fbfbd6817d3693c791c9f4ad7782e624785e51d
-
SHA512
03425756997968e6d1998acd7ea23a1d3c9efd9fac8da9d2e34e934639512df676cf0f3847707dcbd2c9c19bee385c60ff58d68886424ca4f57b40de66c902dd
-
SSDEEP
24576:X8KH/B1FBgDXZNFfZoWe0KVIC9ClKa5IrykTHhQ5NoRyftZZriXWzr6pfKuIfrE2:sK51rgXteP3Vz9oI2mhoNosVDP+fX+
-
Detects Floxif payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Event Triggered Execution: Image File Execution Options Injection
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3AppInit DLLs
1Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3AppInit DLLs
1Component Object Model Hijacking
1Image File Execution Options Injection
1