General

  • Target

    7fe701748f225f49ab6a7de85de511b9a288a2648b6a2822316247625c8bda17

  • Size

    243KB

  • Sample

    240729-25myeavgmq

  • MD5

    1f816fe04bb2f456e03dff1291c6c3e8

  • SHA1

    c92908dd1d60181be3b0cf5aeb46e184d1383aa7

  • SHA256

    7fe701748f225f49ab6a7de85de511b9a288a2648b6a2822316247625c8bda17

  • SHA512

    b63b0efa759f8fbd7a1a0605858399931bc073ef914b63dad27d9f449ed3feba35377a5c016d2b7e027058596acb242d807b00a6b6c7a73f19c59644bb08ef75

  • SSDEEP

    6144:nduaytHbBkgt7i8n8g2QlBV+UdvrEFp7hKW8vxz:dQtHbB/7ugPBjvrEH7HKz

Malware Config

Targets

    • Target

      7fe701748f225f49ab6a7de85de511b9a288a2648b6a2822316247625c8bda17

    • Size

      243KB

    • MD5

      1f816fe04bb2f456e03dff1291c6c3e8

    • SHA1

      c92908dd1d60181be3b0cf5aeb46e184d1383aa7

    • SHA256

      7fe701748f225f49ab6a7de85de511b9a288a2648b6a2822316247625c8bda17

    • SHA512

      b63b0efa759f8fbd7a1a0605858399931bc073ef914b63dad27d9f449ed3feba35377a5c016d2b7e027058596acb242d807b00a6b6c7a73f19c59644bb08ef75

    • SSDEEP

      6144:nduaytHbBkgt7i8n8g2QlBV+UdvrEFp7hKW8vxz:dQtHbB/7ugPBjvrEH7HKz

    • Floxif, Floodfix

      Floxif (also known as FloodFix) is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect 1.3x - 1.4x packer/protector.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
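
The "UPX packed file" and ACProtect signatures above are packer detections, and the UPX rule is described as also catching "modified UPX" builds. The following Python is an added example, not the report's own rules or any sandbox's signature code: it parses the PE section table and applies the two heuristics such a rule typically rests on, namely the UPX section names that the packer leaves behind and the near-8-bit entropy of a compressed section (which still fires when a modified UPX has renamed its sections, as does the packer-typical first section with no data on disk). The PE images are constructed in the script (they are not the analysed sample), and the 7.0 entropy cut-off is an assumption.

```python
"""Packer heuristics over a PE section table (added example, not the report's own rules).
The PE images built at the bottom are constructed test data, not the analysed sample."""
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off; ordinary compiled code usually lands around 5-6.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsections):
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        data = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": raw_size, "entropy": shannon_entropy(data)})
    return sections


def packer_verdict(pe: bytes) -> list:
    """Names of the heuristics that fired; an empty list means nothing looked packed."""
    sections = parse_sections(pe)
    reasons = []
    if {s["name"] for s in sections} & UPX_SECTION_NAMES:
        reasons.append("upx-section-names")
    # UPX's first section is the unpacking target: large in memory, absent on disk.
    if sections and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] > 0:
        reasons.append("first-section-empty-on-disk")
    if any(s["raw_size"] and s["entropy"] >= ENTROPY_THRESHOLD for s in sections):
        reasons.append("high-entropy-section")
    return reasons


# --- constructed test images (not the analysed file) ------------------------

def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def build_pe(section_specs: list) -> bytes:
    """Minimal PE32 image: DOS stub, COFF header, zeroed optional header, section table, raw data.
    section_specs is a list of (name, virtual_size, raw_data)."""
    opt_size, e_lfanew = 0xE0, 0x40
    header_end = e_lfanew + 4 + 20 + opt_size + 40 * len(section_specs)
    raw_ptr = _align(header_end, 0x200)
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic; nothing else in it is needed here
    table, body, vaddr = bytearray(), bytearray(), 0x1000
    for name, vsize, data in section_specs:
        raw_size = _align(len(data), 0x200) if data else 0
        ptr = raw_ptr + len(body) if data else 0
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             raw_size, ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        vaddr += _align(max(vsize, raw_size), 0x1000)
    image = (dos + b"PE\0\0" + coff + opt + table).ljust(raw_ptr, b"\0") + body
    return bytes(image)


# Deterministic high-entropy filler standing in for compressed code.
_COMPRESSED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
# Low-entropy filler standing in for ordinary compiled code and strings.
_PLAIN = b"\x55\x8b\xec" + b"\x90" * 100 + b"Hello from a normal DLL\0"

UPX_SAMPLE = build_pe([(b"UPX0", 0x20000, b""), (b"UPX1", 0x1000, _COMPRESSED), (b".rsrc", 0x200, _PLAIN)])
RENAMED_UPX_SAMPLE = build_pe([(b".text", 0x20000, b""), (b".data", 0x1000, _COMPRESSED)])
CLEAN_SAMPLE = build_pe([(b".text", 0x200, _PLAIN), (b".data", 0x200, b"\0" * 64)])

if __name__ == "__main__":
    for label, img in (("upx", UPX_SAMPLE), ("renamed", RENAMED_UPX_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, [(s["name"], round(s["entropy"], 2)) for s in parse_sections(img)], packer_verdict(img))
```

The renamed-section image is the interesting case: the name check misses it, but the empty first section and the high-entropy body still flag it, which is the kind of secondary evidence a "modified UPX" signature needs. On a real file, read it with `open(path, "rb").read()` and pass the bytes to `packer_verdict`; treat a high-entropy section in an unpacked-looking binary as a prompt to look for a custom packer such as ACProtect rather than as proof of one.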

MITRE ATT&CK Enterprise v15

Tasks