General
-
Target
c90532f9d61369a8641258c2695ba20eb78cc44fb4ba5ff87e03ba9129069c44
-
Size
1.4MB
-
Sample
240908-z9v4gaydjb
-
MD5
c83fdc0f0c26b0b4ac167049d7184446
-
SHA1
f3e229e6bd93d9b49de9038396501c542dfb3dc7
-
SHA256
c90532f9d61369a8641258c2695ba20eb78cc44fb4ba5ff87e03ba9129069c44
-
SHA512
0186d8a35d561ce21b6ce68da71905fe565f9887c323463651be91da8c09da5fb7c90a21e50e2717902f6ea433db67717d04072f7f0cea3daa462f17c9bb6dfb
-
SSDEEP
24576:YdwKzcVkyEq9DRho1jFP8ltPP01Ws7+wFPEl9ix4fpUzoQDt+egElxdqFWVCGCv3:3KzcCyEq9DRho/ctH01Ws74rA4RUBDHQ
Static task
static1
Behavioral task
behavioral1
Sample
c90532f9d61369a8641258c2695ba20eb78cc44fb4ba5ff87e03ba9129069c44.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c90532f9d61369a8641258c2695ba20eb78cc44fb4ba5ff87e03ba9129069c44.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
c90532f9d61369a8641258c2695ba20eb78cc44fb4ba5ff87e03ba9129069c44
-
Size
1.4MB
-
MD5
c83fdc0f0c26b0b4ac167049d7184446
-
SHA1
f3e229e6bd93d9b49de9038396501c542dfb3dc7
-
SHA256
c90532f9d61369a8641258c2695ba20eb78cc44fb4ba5ff87e03ba9129069c44
-
SHA512
0186d8a35d561ce21b6ce68da71905fe565f9887c323463651be91da8c09da5fb7c90a21e50e2717902f6ea433db67717d04072f7f0cea3daa462f17c9bb6dfb
-
SSDEEP
24576:YdwKzcVkyEq9DRho1jFP8ltPP01Ws7+wFPEl9ix4fpUzoQDt+egElxdqFWVCGCv3:3KzcCyEq9DRho/ctH01Ws74rA4RUBDHQ
-
Detects Floxif payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Event Triggered Execution: Image File Execution Options Injection
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3AppInit DLLs
1Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3AppInit DLLs
1Component Object Model Hijacking
1Image File Execution Options Injection
1