General

  • Target

    b2541a7747212b2e4e250d660fea4c30N.exe

  • Size

    5.2MB

  • Sample

    240727-lvtp7svelb

  • MD5

    b2541a7747212b2e4e250d660fea4c30

  • SHA1

    42acac0b299d6f1f13f79794fad8a0cddc498c4d

  • SHA256

    cc33efbddfc4349d4e4ff6ba0bbfa8d07f24d074c1b0bc98743e19c0d590d023

  • SHA512

    8d33812cb1f8a0ac7859608e7bcbeca2e0b341b3bba815a16f02e1739232abd28791ce6bd391786855f3fda8d6a78b1492f775e834b57560557fbd351cf2ea86

  • SSDEEP

    49152:104mSepIRjnv+yR5l1mQw9IJtwDhTsfAPLnzZF3dkYUsDJNsc8jDj5ZkaGAC0w2x:1TepIRbvXvtQhTs49OsDJNsc8V

Malware Config

Targets

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Blocklisted process makes network request

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect software protector.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks