General

  • Target

    855c3034bf7778a1c174b85abc1f82cca2a5e78506803228805b6384ad875fe0

  • Size

    1.6MB

  • Sample

    240815-mz5tpsygnb

  • MD5

    2a5dfe31c5e1139af4a48389a849d553

  • SHA1

    e5a654ba3a245b71c6b07dfee71e24789edb0799

  • SHA256

    855c3034bf7778a1c174b85abc1f82cca2a5e78506803228805b6384ad875fe0

  • SHA512

    7771fa3cddaf7b55206ce19b88b6a4586d4cde21bb14771ae536abaa2f43d7c86d0d719a41377ffe0db7122ae1a2858d75364967cf68abe5e362eb2b534afe6a

  • SSDEEP

    24576:EedIJcNVXu2hBHfU+eraM8kOJAoy2eXWDhhOfrRP8HE+zJfE9iQsnL44Euxo2UTY:dJHflhrGqkuJfEHKLZEux3UE

Malware Config

Targets

    • Target

      855c3034bf7778a1c174b85abc1f82cca2a5e78506803228805b6384ad875fe0

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs (MITRE ATT&CK T1546.010). DLLs listed in the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (and the Wow6432Node copy) are loaded into every user-mode process that loads user32.dll, so a non-empty value pointing outside the system directories is a strong persistence indicator.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect 1.3x-1.4x packer/protector.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

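The UPX signature is a static check on the PE section table, so here is an added example (not the sandbox's own rule, nor code from the sample) of how such a detector works: it parses the section headers, looks for the UPX section names and the "UPX!" marker, and applies a layout heuristic for renamed sections (an empty first section that serves as the unpacking destination, followed by a high-entropy compressed section). The two PE images are built inline with the constructed `build_pe` helper; they are synthetic test input, not the 1.6MB sample from this report.

```python
"""Flag UPX-packed PE files from their section table (added example)."""
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list[dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    sec_table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, sec_table + i * 40)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def upx_indicators(pe: bytes) -> list[str]:
    sections = parse_sections(pe)
    findings = []
    hits = [s["name"].decode() for s in sections if s["name"] in UPX_SECTION_NAMES]
    if hits:
        findings.append(f"UPX section names present: {hits}")
    if b"UPX!" in pe:
        findings.append("'UPX!' marker string found")
    # Heuristic for renamed sections: UPX0 has no raw data but a large virtual
    # size (the unpack target) and UPX1 holds the compressed, high-entropy blob.
    if (len(sections) >= 2 and sections[0]["raw_size"] == 0
            and sections[0]["virtual_size"] >= 0x1000 and sections[1]["entropy"] > 7.0):
        findings.append("empty first section followed by high-entropy section (UPX-style layout)")
    return findings


def is_upx_packed(pe: bytes) -> bool:
    return bool(upx_indicators(pe))


def build_pe(sections: list[tuple[bytes, bytes, int]]) -> bytes:
    """Construct a minimal PE32 image for testing: (name, raw data, virtual size) per section."""
    file_align = 0x200
    headers_end = 0x40 + 4 + 20 + 224 + 40 * len(sections)
    raw_base = (headers_end + file_align - 1) // file_align * file_align
    sec_headers, raw_blobs, vaddr = b"", b"", 0x1000
    for name, data, vsize in sections:
        ptr = raw_base + len(raw_blobs) if data else 0
        sec_headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                                   len(data), ptr, 0, 0, 0, 0, 0x60000020)
        raw_blobs += data + b"\0" * (-len(data) % file_align)
        vaddr += (max(vsize, len(data)) + 0xFFF) // 0x1000 * 0x1000
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222  # PE32 magic, rest zeroed
    image = dos + b"PE\0\0" + coff + opt + sec_headers
    return image + b"\0" * (raw_base - len(image)) + raw_blobs


# Constructed samples: a UPX-style layout and a plain two-section binary.
UPX_SAMPLE = build_pe([(b"UPX0", b"", 0x10000),
                       (b"UPX1", bytes(range(256)) * 2, 0x1000),
                       (b".rsrc", b"RSRC" * 64, 0x100)])
PLAIN_SAMPLE = build_pe([(b".text", b"\x55\x8b\xec\xc3" * 64, 0x100),
                         (b".data", b"hello\0" * 20, 0x80)])

if __name__ == "__main__":
    for label, pe in (("upx", UPX_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, is_upx_packed(pe), upx_indicators(pe))
```

Section names alone are weak evidence, since a modified UPX build can rename them (which is why the signature text mentions modified UPX); the entropy and layout heuristic is what catches those, at the cost of occasional hits on other packers that use the same two-section scheme.
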
MITRE ATT&CK Enterprise v15

Tasks