General

  • Target

    2cbfdff2b89675c555f2301bf833ad20N.exe

  • Size

    5.2MB

  • Sample

    240721-aappzatank

  • MD5

    2cbfdff2b89675c555f2301bf833ad20

  • SHA1

    44e15095f290048bf76f5447413c747a4c2e775a

  • SHA256

    0ca8d4f289e60fe318ff14ce812c337232643df2e61e3cf0f8e2767ea5f321e5

  • SHA512

    5dbbacc1fa8a3e8f656e97df342b23b66363a29ea0b95f2717cba7f2230eb5bcbda478d94256e9d9ed3eec497b883c5e5b31dbd4d31f50865fd799ae5a57aa4c

  • SSDEEP

    49152:104mS4pIRjnv+yR5lEmQw9IJtwohTsfAPLnzZF3dkYUsDJNsc8jDj5ZkaGAC0w2G:1T4pIRbvX8tjhTs49OsDJNsc8y

Malware Config

Targets

    • Floxif, Floodfix

      Floxif (aka FloodFix) is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks