General
Target: 2024-09-10_acb6745aa9eb06b0be2de5098084ec7e_avoslocker_cobalt-strike_floxif
Size: 224KB
Sample: 240910-bt8gvssaqg
MD5: acb6745aa9eb06b0be2de5098084ec7e
SHA1: ea76f5756e4aa386758e95db4146f1138d821aa7
SHA256: fcb22cf8c4fee3cbaa39ff5c67b746c88a6eb702cfd11655d681a5240d8bc86b
SHA512: 9f3a025cfcd063107a16eecf825a61f093cf2b6b9dd457a4557e18efe6c70775d3ede4dd548bbd82d1029e070cfd5417c475d2bb6c9e1d1e24fe6ef6ef8c7294
SSDEEP: 6144:ayK2zi7ajvRcJSLKZH2FaLw9hH4JdBV+UdvrEFp7hKhf:ayK2zi+jv++9hH4JdBjvrEH7gf
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-09-10_acb6745aa9eb06b0be2de5098084ec7e_avoslocker_cobalt-strike_floxif.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2024-09-10_acb6745aa9eb06b0be2de5098084ec7e_avoslocker_cobalt-strike_floxif.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 2024-09-10_acb6745aa9eb06b0be2de5098084ec7e_avoslocker_cobalt-strike_floxif
- Detects Floxif payload
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.