Managed XDR
Group-IB MDP Report
File info
Filename: home-petik-ss-malware-2025-10-04_65f4fc0a43aafd696ecf50260e172ca9_amadey_elex_floxif_smoke-loader_stealc_stop_tofsee
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 316.4 KB
Env info
win7/x86 en
Hashes
SHA1: cbf283ddb1f7a9e05c027925dcd026617bd8cadc
SHA256: 58061f624fcb14eb1c070b255a4510cf92ececdab8928912a4aa5484da0f385b
MD5: 65f4fc0a43aafd696ecf50260e172ca9
Signatures
Persistence
T1574 dropper_dll: Creates DLL, which is then loaded into the process
Privilege Escalation
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process
Defense Evasion
T1036.001 invalid_authenticode: Digital signature of the executable file has failed the verification
T1134 sets_privilegies_via_adjusttokenprivileges: Sets process privilege via AdjustTokenPrivileges
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process
Other
yara_rules: Static rules
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path
creates_exe: Creates executable files in the file system
pe_overlay: PE file contains overlay
next report: f6e83474-aed3-4892-ac99-5ad74d75a8d5
previous report: af8c54b5-b967-4158-931e-cb355d93f0c7
Managed XDR