General

  • Target

    4b4da3f46c39fb8ddca5a70f1cc465fd4c26532ef19b566eb25d73bb4e60b816

  • Size

    287KB

  • Sample

    240730-eexzcsycjd

  • MD5

    d70217e1fd55e1f1105958a3d21542c7

  • SHA1

    7c5ede6ee02d52af83149c913c1ea0eeeb0b4801

  • SHA256

    4b4da3f46c39fb8ddca5a70f1cc465fd4c26532ef19b566eb25d73bb4e60b816

  • SHA512

    29eaa15ba6298414c4be1fb0dbfff0b8f046003cd7bc3b1b4599c91033dc41758d4a86c3844665c82be763f6779bdde97f613f6a5cc8950ef902df8be0f140cb

  • SSDEEP

    6144:pzTuN9afTJ7tuyXTZBB+R8WpMBV+UdvrEFp7hK7:pzTuN9abJ7tuyXTvB+R8WiBjvrEH7w

Malware Config

Targets

    • Floxif, Floodfix

      Floxif (aka FloodFix) is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15