General

  • Target

    0e5343d466d238ba40cb2f3c88d42dc36fd60863602e1641326ca5ee3bc6c56e

  • Size

    377KB

  • Sample

    240727-xkf7xatbrq

  • MD5

    9c5aa5aa73ae697417bb17733913e66d

  • SHA1

    38bbce22e9f7f3d36ac1a11f56f8d0335892614c

  • SHA256

    0e5343d466d238ba40cb2f3c88d42dc36fd60863602e1641326ca5ee3bc6c56e

  • SHA512

    53003abe421440f92f756389f508feba1af14953372da4a4fd066ec20d047943f427215348d1181464a0bb64aee73dff5d921d401f7294a91da6bd57ffb8c6d8

  • SSDEEP

    3072:uglilKqmhpo0Sb9OpxRAWHiQj2Q9+7WHJnLXwULLRWX2lQBV+UdE+rECWp7hKlJ:+9oLRA8aQ9ISLWBV+UdvrEFp7hKlJ

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect packer.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15