General
Target
807376f59600671c258c4cf5cfaf89b3933bdef73cd425dae5f0e6fc315b3af1
Size
3.7MB
Sample
250128-alts3a1lbr
MD5
11f6f0550436ad955c7c2b4f41a94896
SHA1
5443a7d9add5d0530621f2dbae5b27bdcf23a565
SHA256
807376f59600671c258c4cf5cfaf89b3933bdef73cd425dae5f0e6fc315b3af1
SHA512
0ac800c1e460a01f6326c18d508e2db30338e5c0bdd0b2a11eaba81e592e4c13e8f9035a1b1b2c82c6bbe1231a4a67bcec7377d1e1c358b29ddb7e802a25d7f7
SSDEEP
98304:35MQvY/NFRjQUEaUJhtH/Ll3AzrIdHM3AUDOE:J0dULh/Ll3grIdHM3AUDOE
Static task
static1
Behavioral task
behavioral1
Sample
807376f59600671c258c4cf5cfaf89b3933bdef73cd425dae5f0e6fc315b3af1.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
807376f59600671c258c4cf5cfaf89b3933bdef73cd425dae5f0e6fc315b3af1.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
- Floxif family
- Detects Floxif payload
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory