General

  • Target

    867dd4de518560699145549b8cd517820626160a0c7d6dffae35341572a8c55e

  • Size

    2.5MB

  • Sample

    240816-rwh8razckf

  • MD5

    bec3dbbf30ea2b5153052aaa84a9d87a

  • SHA1

    e102c10564f9a9dbad6559931e8c6ac1c2f33f91

  • SHA256

    867dd4de518560699145549b8cd517820626160a0c7d6dffae35341572a8c55e

  • SHA512

    88daef0e55f19c2446770f34cc9ede6c5bf05b6fc675c2668dca17eae1ac16cfba12b8dc9b3baec258b2d5233879c21cd3cda63a2dfb86d63be8b3dbfc135804

  • SSDEEP

    49152:tuIkKzofs2hPd2l177BTK2VbDsar1YDj0:tjWfs2hPIl1/X

Malware Config

Targets

    • Target

      867dd4de518560699145549b8cd517820626160a0c7d6dffae35341572a8c55e

    • Size

      2.5MB

    • MD5

      bec3dbbf30ea2b5153052aaa84a9d87a

    • SHA1

      e102c10564f9a9dbad6559931e8c6ac1c2f33f91

    • SHA256

      867dd4de518560699145549b8cd517820626160a0c7d6dffae35341572a8c55e

    • SHA512

      88daef0e55f19c2446770f34cc9ede6c5bf05b6fc675c2668dca17eae1ac16cfba12b8dc9b3baec258b2d5233879c21cd3cda63a2dfb86d63be8b3dbfc135804

    • SSDEEP

      49152:tuIkKzofs2hPd2l177BTK2VbDsar1YDj0:tjWfs2hPIl1/X

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks