General

  • Target

    880f61558c6a2404be982ba625c56390N.exe

  • Size

    443KB

  • Sample

    240805-nprprsvdrn

  • MD5

    880f61558c6a2404be982ba625c56390

  • SHA1

    ee53795ceae1cfc9be2f56693b628ebed43df96e

  • SHA256

    e6e9923edcb92aa5b4194e670f94af1435b5ede9eb7c4fc2604e56481a4b9744

  • SHA512

    cbc1e9eacd14adc1e4d1c421abdaa4042afcbb166888b99912402a4afe825e928efc9b3bf181de3412b43cbf1b983f01c0ce1cd7760b6d3d944b43e0e327147f

  • SSDEEP

    12288:AtbTE1rkt826L4xd1Ei05t6empQ+uK+JApHJBjvrEH7r:At818EiKTmp2oHXrEH7r

Malware Config

Extracted

Family

mylobot

C2

onthestage.ru:6521

krebson.ru:4685

stanislasarnoud.ru:5739

Targets

    • Target

      880f61558c6a2404be982ba625c56390N.exe

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-changing trojan and backdoor written in C++.

    • Mylobot

      Botnet, first seen in 2017, written in C++.

    • Detects Floxif payload

    • Blocklisted process makes network request

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks