General

  • Target

    91bf3d65a595320796f3eee5f4f43472bc2fccb9e7c8e5f1bf7f04c39e5366d0

  • Size

    185KB

  • Sample

    240729-3t1kssxbkn

  • MD5

    235337748b6f9bb9731cd1d575430de0

  • SHA1

    c89e685a626a88cdb3995b7558b7f9164f0694c6

  • SHA256

    91bf3d65a595320796f3eee5f4f43472bc2fccb9e7c8e5f1bf7f04c39e5366d0

  • SHA512

    b7a509694e85792da754edd08fe1f2bb8f31b2170b63a40954c391f35fc5b39e9d3a26a3b489bbf11927910990a7f41195563d36b246b027c5c084f94238b2dc

  • SSDEEP

    3072:JZeZqYEUXPnN98qFxuzVMlgq0+h3Ziybi3uN2lQBV+UdE+rECWp7hKTit1DRSM:CxEUXxruGF2ke6BV+UdvrEFp7hKut1DN

Malware Config

Targets

    • Target

      91bf3d65a595320796f3eee5f4f43472bc2fccb9e7c8e5f1bf7f04c39e5366d0

    • Size

      185KB

    • MD5

      235337748b6f9bb9731cd1d575430de0

    • SHA1

      c89e685a626a88cdb3995b7558b7f9164f0694c6

    • SHA256

      91bf3d65a595320796f3eee5f4f43472bc2fccb9e7c8e5f1bf7f04c39e5366d0

    • SHA512

      b7a509694e85792da754edd08fe1f2bb8f31b2170b63a40954c391f35fc5b39e9d3a26a3b489bbf11927910990a7f41195563d36b246b027c5c084f94238b2dc

    • SSDEEP

      3072:JZeZqYEUXPnN98qFxuzVMlgq0+h3Ziybi3uN2lQBV+UdE+rECWp7hKTit1DRSM:CxEUXxruGF2ke6BV+UdvrEFp7hKut1DN

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks