General
-
Target
2024-09-26_5780eb5e3589f0be85ec7a296acecc43_avoslocker_cobalt-strike_floxif
-
Size
464KB
-
Sample
240926-fe7z1a1enh
-
MD5
5780eb5e3589f0be85ec7a296acecc43
-
SHA1
9b3bfa8c9498d18b8b593af661f6755eda445dd7
-
SHA256
4b659bd1005658eba8f7cd43339c10340a2fa57035ddc0ea60d8aea712bd7ca2
-
SHA512
9bf768bd26e399ef68db556fd74a8fc5af55f8c2c7a283b2bb2f372a146beb82d57e354001d35815d90678bb1fe85bd9931c86405c928165dba71f47ab7b9750
-
SSDEEP
12288:5K3D/88X1JBxkSYnVWqqPIBONhxs7rleBjvrEH7n:50L8E5j/xs7RYrEH7n
Static task
static1
Behavioral task
behavioral1
Sample
2024-09-26_5780eb5e3589f0be85ec7a296acecc43_avoslocker_cobalt-strike_floxif.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-09-26_5780eb5e3589f0be85ec7a296acecc43_avoslocker_cobalt-strike_floxif.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
2024-09-26_5780eb5e3589f0be85ec7a296acecc43_avoslocker_cobalt-strike_floxif
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-