General

  • Target

    cf96adc93b4d519c885205f58a8a258ce28049862f86e54d708a82587437ac2f

  • Size

    1.4MB

  • Sample

    240730-hpqjtavdkp

  • MD5

    1ab651ba5ab3b8390f695d1ced979ce0

  • SHA1

    d48be0e77f9995b8d5ddb64165f4d9716ac78870

  • SHA256

    cf96adc93b4d519c885205f58a8a258ce28049862f86e54d708a82587437ac2f

  • SHA512

    1ca17109a352a7065842aee759c2dbb9ab6af24ea7c678809f1625c00890749ba9291409e23b679b8bd8c8b93ce6d9f7170c9918c3d430a88f6421b95d7011d5

  • SSDEEP

    24576:oZK78SzsMZCRMp8nFNJ3dcj7zql5Tnoo6WOnLpymOovCce36Ft6pAlxzIBaGq7re:MK783MoXnFv3dcj7q5LsLp3CceMuczXq

Malware Config

Targets

    • Target

      cf96adc93b4d519c885205f58a8a258ce28049862f86e54d708a82587437ac2f

    • Size

      1.4MB

    • MD5

      1ab651ba5ab3b8390f695d1ced979ce0

    • SHA1

      d48be0e77f9995b8d5ddb64165f4d9716ac78870

    • SHA256

      cf96adc93b4d519c885205f58a8a258ce28049862f86e54d708a82587437ac2f

    • SHA512

      1ca17109a352a7065842aee759c2dbb9ab6af24ea7c678809f1625c00890749ba9291409e23b679b8bd8c8b93ce6d9f7170c9918c3d430a88f6421b95d7011d5

    • SSDEEP

      24576:oZK78SzsMZCRMp8nFNJ3dcj7zql5Tnoo6WOnLpymOovCce36Ft6pAlxzIBaGq7re:MK783MoXnFv3dcj7q5LsLp3CceMuczXq

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks