General

  • Target: fluxus.exe
  • Size: 73.5MB
  • Sample: 241227-zxhydazlgz
  • MD5: d3e92d7f380607d8b4d230eefd3a12e3
  • SHA1: cf9ab3e50b4684153348098fea91d800f359cda4
  • SHA256: a61eb881291e75bdd460568fa7b88237517597b4bdad6cf3c86584de1379afc7
  • SHA512: 122ae0ff4e576913166294298d809e34c72b933696969fec51d78410647a6809c66e935053019f4e699fe08f749144199b725ea2787d346dea881921ac244d02
  • SSDEEP: 1572864:b1l+WdXmUSk8IpG7V+VPhqFxE7glhWiYweyJulZUdgUztCAuPd72:b1s0XmUSkB05awF1LLpuQMhZ2

Targets

    • Target: fluxus.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden
      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file
      Detects executables packed with UPX or a modified build of the open-source UPX packer.