General
Target: 27b21bf1bf8c0b3d630b5f13df8adffac79e6cff4fab9f74543af349d751dbaf
Size: 1.3MB
Sample: 240926-hm8bvatcjn
MD5: 31a3423ba9b280231c8c1572b7f797fe
SHA1: a43dc0115dcf2582abb3c5b5c246b8571f711fba
SHA256: 27b21bf1bf8c0b3d630b5f13df8adffac79e6cff4fab9f74543af349d751dbaf
SHA512: 8d3018173d2a0f199612336f14a5688d7a6e439ac8becf2bdf5a75a2f24808964824c7dc552711e0f12d0af71c99af310698bfffb79ea207afba4d62395e8de7
SSDEEP: 24576:84UWOQryq7izn0aZa5zrCa06kYJrUVjCkzaXawOSJIqSweBrEH7V:QxQ+1fZapCa06tFGLIawTJIqld
Static task: static1
Behavioral task: behavioral1
  Sample: 27b21bf1bf8c0b3d630b5f13df8adffac79e6cff4fab9f74543af349d751dbaf.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 27b21bf1bf8c0b3d630b5f13df8adffac79e6cff4fab9f74543af349d751dbaf.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Signatures:
  Detects Floxif payload
  Boot or Logon Autostart Execution: Active Setup
    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  Event Triggered Execution: Image File Execution Options Injection
  ACProtect 1.3x - 1.4x DLL software
    Detects file using ACProtect software.
  Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  Executes dropped EXE
  Loads dropped DLL
  Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Active Setup (1)
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Active Setup (1)
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)