General
-
Target
FL Studio v21.2.3 [4004].exe
-
Size
1021.3MB
-
Sample
241103-jbvgaaxrdz
-
MD5
e175044a06322fcce7529df21a178d1b
-
SHA1
680aeb47b8f1dc749c6371a009d1d8f5035fcdec
-
SHA256
e9ba725c4e84213a9379abf1685c9a4581b83b78a245b71d5dfbd064f6878933
-
SHA512
ad90e9355923c68819d5a999f1a36c052d917b1cfec4712d9b0ae28aebbb8a7d096fdb0b4bd7f713240b1841a535a38ab80c9e37e67e3a30aadb8738c0015a04
-
SSDEEP
25165824:y2gWnKmCZREvIDFQp3851ixBeCX/jwp/6XC+:kWnUZtpQqfHmrwp/kN
Static task
static1
Behavioral task
behavioral1
Sample
FL Studio v21.2.3 [4004].exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
FL Studio v21.2.3 [4004].exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
FL Studio v21.2.3 [4004].exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral4
Sample
FL Studio v21.2.3 [4004].exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
FL Studio v21.2.3 [4004].exe
-
Size
1021.3MB
-
MD5
e175044a06322fcce7529df21a178d1b
-
SHA1
680aeb47b8f1dc749c6371a009d1d8f5035fcdec
-
SHA256
e9ba725c4e84213a9379abf1685c9a4581b83b78a245b71d5dfbd064f6878933
-
SHA512
ad90e9355923c68819d5a999f1a36c052d917b1cfec4712d9b0ae28aebbb8a7d096fdb0b4bd7f713240b1841a535a38ab80c9e37e67e3a30aadb8738c0015a04
-
SSDEEP
25165824:y2gWnKmCZREvIDFQp3851ixBeCX/jwp/6XC+:kWnUZtpQqfHmrwp/kN
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1