General

  • Target

    f360ee9b5ac039cf084dc88e18093a23edd1ae3e94da99b7594a594d90ce59fb

  • Size

    1.6MB

  • Sample

    240730-esx7aaydkf

  • MD5

    92e17df0c84acc4195ae7a0de22219c3

  • SHA1

    1632b9e87d9cf820d8c52d0d820d524447c7b1dd

  • SHA256

    f360ee9b5ac039cf084dc88e18093a23edd1ae3e94da99b7594a594d90ce59fb

  • SHA512

    a2dc8303145f1079f6c957d31ac56590cee0f145d5a0e67e3c68d98b354b1ce0d269b2067a66454684beecd14ba134bfa00a82c3bb2aa221cc745979bda6070a

  • SSDEEP

    24576:b3xCQTCx+0YXZKmNlaDLar12Gr1+HBF19TaJB5W520Hz7UgvvQPA8rEH7f:rxduQomDTUL19TkBIg0Hz7N4Pe

Malware Config

Targets

    • Target

      f360ee9b5ac039cf084dc88e18093a23edd1ae3e94da99b7594a594d90ce59fb

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. The DLLs are listed in the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (with a Wow6432Node equivalent for 32-bit processes) and are loaded into every process that loads user32.dll; the entry only takes effect when LoadAppInit_DLLs is 1, and Windows 8 and later ignore the mechanism entirely when Secure Boot is enabled.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. Legitimate disk and partitioning tools also write sector 0, so confirm the change by comparing the sector against a known-good image rather than treating the write alone as proof of a bootkit.
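
The following Python script is an added example and is not part of the sandbox report or the sample: it checks a file against the hashes reported above, reviews AppInit_DLLs registry values for the persistence mechanism flagged above, and diffs a disk's first sector against a known-good copy for the MBR-write behaviour. The registry snapshot, the dropped DLL path and the two MBR images are constructed for illustration; on a live host the snapshot would come from winreg and the sector from the physical device.

```python
"""Offline triage helpers for three of the behaviours flagged above:
hash verification against the reported IOCs, AppInit_DLLs persistence
review, and MBR integrity comparison. Standard library only."""
import hashlib
import re

# Hashes copied from the report above.
SAMPLE_HASHES = {
    "md5": "92e17df0c84acc4195ae7a0de22219c3",
    "sha1": "1632b9e87d9cf820d8c52d0d820d524447c7b1dd",
    "sha256": "f360ee9b5ac039cf084dc88e18093a23edd1ae3e94da99b7594a594d90ce59fb",
}


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a buffer, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every reported digest matches; a single match would do,
    but insisting on all three makes a mistyped IOC easy to spot."""
    return hash_bytes(data) == SAMPLE_HASHES


# AppInit_DLLs lives under these keys; the Wow6432Node copy serves 32-bit
# processes on 64-bit Windows. Every DLL listed is loaded into each process
# that loads user32.dll, which is why the value is a persistence favourite.
APPINIT_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)


def parse_appinit_dlls(value: str) -> list:
    """The value is a space- or comma-delimited list of DLL paths."""
    return [p for p in re.split(r"[ ,]+", value.strip()) if p]


def appinit_findings(snapshot: dict) -> list:
    """snapshot maps key path -> {value name: data}, as exported from the
    registry (constructed here; on a live host populate it with winreg)."""
    findings = []
    for key in APPINIT_KEYS:
        values = snapshot.get(key, {})
        dlls = parse_appinit_dlls(values.get("AppInit_DLLs", ""))
        if not dlls:
            continue
        # LoadAppInit_DLLs has defaulted to 0 since Windows 7, so a non-empty
        # list with the flag set is active persistence, not leftovers.
        active = values.get("LoadAppInit_DLLs", 0) == 1
        signed_only = values.get("RequireSignedAppInit_DLLs", 0) == 1
        for dll in dlls:
            state = "ACTIVE" if active else "staged"
            findings.append(f"{state}: {dll} via {key} (signed-only={signed_only})")
    return findings


# First sector of the disk: 446 bytes of boot code, a 64-byte partition table
# (four 16-byte entries), then the 0x55AA boot signature.
MBR_SIZE, BOOTCODE_END, TABLE_END, BOOT_SIG = 512, 446, 510, b"\x55\xaa"


def read_mbr(device: str) -> bytes:
    r"""Read sector 0 (needs admin/root: \\.\PhysicalDrive0 on Windows, /dev/sda on Linux)."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


def mbr_report(baseline: bytes, current: bytes) -> dict:
    """Diff a known-good MBR image against the current one region by region."""
    if len(baseline) != MBR_SIZE or len(current) != MBR_SIZE:
        raise ValueError("MBR images must be exactly 512 bytes")
    return {
        "valid_signature": current[TABLE_END:] == BOOT_SIG,
        "bootcode_changed": baseline[:BOOTCODE_END] != current[:BOOTCODE_END],
        "partition_table_changed": baseline[BOOTCODE_END:TABLE_END] != current[BOOTCODE_END:TABLE_END],
        "sha256": hashlib.sha256(current).hexdigest(),
    }


# Constructed sample data (not from the report): one active AppInit entry and
# an MBR whose boot code was overwritten while the partition table survived.
EXAMPLE_SNAPSHOT = {
    APPINIT_KEYS[0]: {
        "AppInit_DLLs": r"C:\Windows\System32\dropped.dll",  # hypothetical name
        "LoadAppInit_DLLs": 1,
        "RequireSignedAppInit_DLLs": 0,
    },
    APPINIT_KEYS[1]: {"AppInit_DLLs": "", "LoadAppInit_DLLs": 0},
}
BASELINE_MBR = b"\xeb\x63\x90" + b"\x00" * 443 + b"\x80\x20\x21\x00\x07" + b"\x00" * 59 + BOOT_SIG
INFECTED_MBR = b"\xeb\x3c\x90" + b"\x90" * 443 + BASELINE_MBR[BOOTCODE_END:]

if __name__ == "__main__":
    print("file is the reported sample:", matches_sample(b"not the sample"))
    for line in appinit_findings(EXAMPLE_SNAPSHOT):
        print("AppInit:", line)
    print("MBR:", mbr_report(BASELINE_MBR, INFECTED_MBR))
```

On a suspect host, take the MBR baseline from a clean image of the same build before comparing; a changed boot code region with an intact partition table and valid signature is the pattern a bootkit leaves, whereas a partitioning tool normally touches the table rather than the code.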

MITRE ATT&CK Enterprise v15

Tasks