General

  • Target

    2024-08-16_8253f93383302d46e0fcdd26f5f7617f_floxif_magniber

  • Size

    1.8MB

  • Sample

    240816-pqnvyaydrq

  • MD5

    8253f93383302d46e0fcdd26f5f7617f

  • SHA1

    d7ccb4b93cfc2b57d66915a7c2525dfde7c885a0

  • SHA256

    170ff17f7874c763fd354377bfdf369b551122324fb361a80a8c4f0f4b6cadfd

  • SHA512

    5811b68b79cf3ea1e0f470da1c682b769319a38154b79bcab3cd7e864b56092f10897e6958b8342b57ad3ef6716938536ba14536d3362ebcaf226eb4a8d8c4e3

  • SSDEEP

    24576:rqyoppMC3ezCb30zKiKYl+jX+Bk5N9ndZlW0Uc04KzchfuvG51rI2l3VroatPg3w:zQbkzSYl+aFUrhf3LIg3VEarMlyT

Malware Config

Targets

    • Target

      2024-08-16_8253f93383302d46e0fcdd26f5f7617f_floxif_magniber

    • Size

      1.8MB

    • MD5

      8253f93383302d46e0fcdd26f5f7617f

    • SHA1

      d7ccb4b93cfc2b57d66915a7c2525dfde7c885a0

    • SHA256

      170ff17f7874c763fd354377bfdf369b551122324fb361a80a8c4f0f4b6cadfd

    • SHA512

      5811b68b79cf3ea1e0f470da1c682b769319a38154b79bcab3cd7e864b56092f10897e6958b8342b57ad3ef6716938536ba14536d3362ebcaf226eb4a8d8c4e3

    • SSDEEP

      24576:rqyoppMC3ezCb30zKiKYl+jX+Bk5N9ndZlW0Uc04KzchfuvG51rI2l3VroatPg3w:zQbkzSYl+aFUrhf3LIg3VEarMlyT

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks