General
Target: 2025-01-24_f1ab5e4ef33da0b1cf66a9e6493ad90d_floxif_mafia_qakbot_revil
Size: 4.6MB
Sample: 250124-3dmc8svqgj
MD5: f1ab5e4ef33da0b1cf66a9e6493ad90d
SHA1: 47b845ddf73d2dc4c7b145e9467f8074105eefc7
SHA256: 9c18887480845ab15764d0387ec4ee8b221fdded241baeccd64888194a46c20e
SHA512: 8395187bb5ae1351f4eeea8e128dc6914223541099412b26cf6ec80fea032b28a5d6f8aaf3aeb345f3797bc0335f8ea3c63a2593f2b540fe191f72d647c53845
SSDEEP: 98304:DcxGy2klzIyeuRxp4qaedgNtAC72B/XW02c9GVe:fxklzIyeuRxp4qaedgXAC7HNcEVe
Static task: static1
Behavioral task: behavioral1
Sample: 2025-01-24_f1ab5e4ef33da0b1cf66a9e6493ad90d_floxif_mafia_qakbot_revil.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: 2025-01-24_f1ab5e4ef33da0b1cf66a9e6493ad90d_floxif_mafia_qakbot_revil
Floxif family

Detects Floxif payload

Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.

Loads dropped DLL