General

  • Target

    82e9b2b371a1bc7a62bdc6b906a47e70N.exe

  • Size

    737KB

  • Sample

    240815-nw5vzavcrk

  • MD5

    82e9b2b371a1bc7a62bdc6b906a47e70

  • SHA1

    9386f5d6767aeda6c1ad889f0d3424364055504d

  • SHA256

    e2b974bfd10f5b97b743dd39bf458e55314e2df60e7aa4f08149d3342555070a

  • SHA512

    3d5240e919869e4891d45f5f634d4c16ce2a56764154631b7c522b99cebda433d30fcbea1fbc86f4842b3d4c04c8f0b53276e6d44d05802dc5c521c0e2f26780

  • SSDEEP

    12288:uYHuTwSumhX2VUxGaiUwT3DC4HXbyA3A9xzCt6+D6ccNzkkZrBjvrEH7R:uYHAwCX2RRS4r9Q9Qt6+HcNztDrEH7R

Targets

    • Floxif, Floodfix

      Floxif, a.k.a. FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15