General

  • Target

    2024-07-30_820cd8086b660e552e5f7ee1f7eb35e5_floxif_icedid

  • Size

    6.4MB

  • Sample

    240730-ayrjgatbre

  • MD5

    820cd8086b660e552e5f7ee1f7eb35e5

  • SHA1

    db82205175d8f4b06ca1aaf575898ce231eec4ae

  • SHA256

    8d88192f24ddfc9324dfca7e8b5c0d2ee6818af4df1ae774a9608246fa532ac1

  • SHA512

    e04cf14408eea9f349da44a3169ac2c359d7b67c576837389c176a2c70ce000afc9be6003d7b10d3f672ce478b5e7ef8f9fa34aec467cb796621e2f03a00bdb4

  • SSDEEP

    98304:7acgWC6MbNe3tx5O4ZNpLXp33EBqMUBB2Z6YfCuB0iSwgqdN5GAp:KlpIx5O2NpTSBGT46YfCuB0bwfN5GAp

Malware Config

Targets

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks