General

  • Target

    914c4c5a7e11a95b47f942fdedda2500N.exe

  • Size

    1.1MB

  • Sample

    240815-r4sr6axbja

  • MD5

    914c4c5a7e11a95b47f942fdedda2500

  • SHA1

    727e41526e8c8e8803e88214b197239a0a3ea794

  • SHA256

    78239b6ac1cf77a547e4394f9c669565e6d0467c0a2fe168f947655ed13928da

  • SHA512

    f2ed31ba647505bac082ba87c008d4a30ed16e8f6009e8592b1204b92847f8e248a1e29e6ec27250d3a78eb9a5c80517efb4d8c2a346e849fae3b57c89848c2c

  • SSDEEP

    24576:X1gfZIAiHOfgDaRt/HeoUaDBfLoAcjyirEH7T:FgRSDYjh

Malware Config

Targets

    • Target

      914c4c5a7e11a95b47f942fdedda2500N.exe

    • Size

      1.1MB

    • MD5

      914c4c5a7e11a95b47f942fdedda2500

    • SHA1

      727e41526e8c8e8803e88214b197239a0a3ea794

    • SHA256

      78239b6ac1cf77a547e4394f9c669565e6d0467c0a2fe168f947655ed13928da

    • SHA512

      f2ed31ba647505bac082ba87c008d4a30ed16e8f6009e8592b1204b92847f8e248a1e29e6ec27250d3a78eb9a5c80517efb4d8c2a346e849fae3b57c89848c2c

    • SSDEEP

      24576:X1gfZIAiHOfgDaRt/HeoUaDBfLoAcjyirEH7T:FgRSDYjh

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks