Denim_reflux_roving_dove.7z | Direct & Complete
The malware modifies the Windows Registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Run to ensure execution on boot.
Enforce a mandatory password reset for accounts identified in the /logs/ directory.
Attempts to beacon to dove-reflux-api.net via HTTPS on port 443.
Run a fleet-wide scan for the SHA-256 hashes identified in Section 2.
Upon extraction, the archive revealed the following directory structure: