General
-
Target
927ee47eeef21f09c7bc859539a44ddb94f878a750a3e0c81751d36664d1a2fe
-
Size
1.4MB
-
Sample
241109-g88ztszcjb
-
MD5
ce8e3bec3e01e7212fb8764a3d007629
-
SHA1
fe4f1f2a58cc19b796ff1e4e091cebfa988fcc98
-
SHA256
927ee47eeef21f09c7bc859539a44ddb94f878a750a3e0c81751d36664d1a2fe
-
SHA512
54a9c4e3c347626146e0caa6c346ef9a23ba341f2bfba5d33eb25750bff6aeac3c472c765e39ff0b00cd3cad99fca3f359a123e824c7827628d5cc730af799e0
-
SSDEEP
24576:q2vKjZQYfXDPJZOE9PjCFaAL11MJY7pjtafbojRAaUtYQCK16dck0tWrHrrEH7O:zK9QYfDPJZr9ra11M+jtIbCRLlv7p0tu
Static task
static1
Behavioral task
behavioral1
Sample
927ee47eeef21f09c7bc859539a44ddb94f878a750a3e0c81751d36664d1a2fe.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
927ee47eeef21f09c7bc859539a44ddb94f878a750a3e0c81751d36664d1a2fe.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
927ee47eeef21f09c7bc859539a44ddb94f878a750a3e0c81751d36664d1a2fe
-
Size
1.4MB
-
MD5
ce8e3bec3e01e7212fb8764a3d007629
-
SHA1
fe4f1f2a58cc19b796ff1e4e091cebfa988fcc98
-
SHA256
927ee47eeef21f09c7bc859539a44ddb94f878a750a3e0c81751d36664d1a2fe
-
SHA512
54a9c4e3c347626146e0caa6c346ef9a23ba341f2bfba5d33eb25750bff6aeac3c472c765e39ff0b00cd3cad99fca3f359a123e824c7827628d5cc730af799e0
-
SSDEEP
24576:q2vKjZQYfXDPJZOE9PjCFaAL11MJY7pjtafbojRAaUtYQCK16dck0tWrHrrEH7O:zK9QYfDPJZr9ra11M+jtIbCRLlv7p0tu
-
Floxif family
-
Detects Floxif payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Event Triggered Execution: Image File Execution Options Injection
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3AppInit DLLs
1Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
3AppInit DLLs
1Component Object Model Hijacking
1Image File Execution Options Injection
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1