General

  • Target

    cdc5030ede8842a76b86d9c393a68c80f14c0c7016c80260f3752b296def963e

  • Size

    227KB

  • Sample

    240908-z9y55awcrm

  • MD5

    17655efca257005a18be8357f3e41a64

  • SHA1

    4de2b031358b61ee82f2cb38dd35cab11c861ef6

  • SHA256

    cdc5030ede8842a76b86d9c393a68c80f14c0c7016c80260f3752b296def963e

  • SHA512

    44720938609732e8b8f429df56f8bb5924cd4189e86d673a2e8bea678a364e21d6536f15fcc07197cc0648dd967b914a48b2ded037b6b9de7c89de5a34920936

  • SSDEEP

    3072:sAt2SbYmhp3iTOZQvfSERdX9Zk8ACB+6l4nfS3wjVSzpD2MhkNJoSloS+Zh52ruo:3vhcjRjB+O+/VBV+UdvrEFp7hKRVvIs
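
The digests above identify the sample. As an added example (not code from the report or from the Floxif authors), the Python below checks a file in hand against those digests and then parses the PE section table to apply the kind of heuristic behind a "UPX packed file" verdict: stock UPX section names, the `UPX!` stub marker, and the tell-tale layout of an empty-on-disk first section followed by a high-entropy compressed one. The two PE images it builds are constructed test data, not the sample; point `hash_mismatches()` and `looks_upx_packed()` at the real file's bytes to use them.

```python
"""Offline triage helpers: confirm the bytes in hand are the reported sample, then
look for UPX packing in the PE section table. Added example, not code from the
report or from Floxif. The PE images below are CONSTRUCTED for demonstration."""
import hashlib
import math
import struct

# Digests copied from the report's General section.
REPORTED_HASHES = {
    "md5": "17655efca257005a18be8357f3e41a64",
    "sha1": "4de2b031358b61ee82f2cb38dd35cab11c861ef6",
    "sha256": "cdc5030ede8842a76b86d9c393a68c80f14c0c7016c80260f3752b296def963e",
    "sha512": "44720938609732e8b8f429df56f8bb5924cd4189e86d673a2e8bea678a364e21d6536f15fcc07197cc0648dd967b914a48b2ded037b6b9de7c89de5a34920936",
}


def hash_mismatches(data, expected=REPORTED_HASHES):
    """Names of the algorithms whose digest of `data` differs from the report;
    an empty list means this is the reported file."""
    return [alg for alg, digest in expected.items()
            if hashlib.new(alg, data).hexdigest() != digest.lower()]


def shannon_entropy(buf):
    """Entropy in bits per byte (0..8); compressed or encrypted data sits near 8."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data):
    """Walk the COFF section table; yields (name, virtual_size, raw_size, entropy)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    for i in range(nsections):
        name, vsize, _vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""
        yield (name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize,
               shannon_entropy(raw))


def looks_upx_packed(data):
    """Indicators behind a 'UPX packed file' verdict. Stock UPX names its sections
    UPX0/UPX1 and leaves a 'UPX!' marker; a modified UPX usually renames them, so
    also flag the layout: a first section with no bytes on disk (the unpacked image
    is rebuilt there at runtime) followed by a high-entropy compressed section."""
    reasons = []
    if b"UPX!" in data:
        reasons.append("UPX! marker")
    secs = list(pe_sections(data))
    if any(s[0].startswith("UPX") for s in secs):
        reasons.append("UPX section names")
    if len(secs) >= 2 and secs[0][2] == 0 and secs[0][1] > 0 and secs[1][3] > 7.0:
        reasons.append("empty first section + high-entropy second section")
    return reasons


def build_constructed_pe(sections):
    """Build a minimal, non-executable PE from [(name, raw_bytes)] pairs. CONSTRUCTED
    test data only; a zero-length payload becomes a memory-only section."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    opt = bytes(224)                                      # zeroed PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    data_off = 64 + 4 + 20 + len(opt) + 40 * len(sections)
    table, blob = b"", b""
    for name, payload in sections:
        rawsize = len(payload)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                             rawsize or 0x10000, 0x1000, rawsize,
                             data_off + len(blob) if rawsize else 0,
                             0, 0, 0, 0, 0xE0000020)
        blob += payload
    return bytes(dos) + b"PE\0\0" + coff + opt + table + blob


# Deterministic high-entropy filler standing in for compressed code (constructed).
_NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE_PACKED = build_constructed_pe([(b"UPX0", b""), (b"UPX1", b"UPX!" + _NOISE),
                                      (b".rsrc", b"resource text\0" * 16)])
SAMPLE_PLAIN = build_constructed_pe([(b".text", b"\x90" * 1024),
                                     (b".data", b"hello, world\0" * 64)])

if __name__ == "__main__":
    for label, sample in (("packed", SAMPLE_PACKED), ("plain", SAMPLE_PLAIN)):
        print(label, "hash mismatches:", hash_mismatches(sample),
              "UPX indicators:", looks_upx_packed(sample))
```

The entropy threshold and the "empty first section" rule are heuristics, not proof of UPX; a hand-rolled packer or an encrypted overlay can trip them, and a modified UPX that patches out the `UPX!` marker will only be caught by the layout rule, which is why the report's "modified UPX" wording matters.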

Targets

    • Target

      cdc5030ede8842a76b86d9c393a68c80f14c0c7016c80260f3752b296def963e

    • Floxif, Floodfix

      Floxif (also known as FloodFix) is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs (T1546.010)

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. The trigger is the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (and its WOW6432Node mirror), which user32.dll honours only when LoadAppInit_DLLs is set.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer, versions 1.3x to 1.4x (DLL variant).

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
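
For the AppInit DLLs technique in the list above, the practitioner's check is the registry: the AppInit_DLLs, LoadAppInit_DLLs and RequireSignedAppInit_DLLs values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows and its WOW6432Node mirror. The Python below is an added example, not code from the report; it evaluates those values from a .reg export taken off a victim (the export and the DLL path in it are constructed, hypothetical data) and, when run on a Windows host, from the live registry via `winreg`.

```python
"""Assess AppInit_DLLs persistence (ATT&CK T1546.010) from registry data.

Added example, not part of the sandbox report. The decision logic works on plain
values, so it can run over a .reg export or an offline hive; read_live_appinit()
needs winreg and therefore a Windows host. SAMPLE_REG_EXPORT is CONSTRUCTED and
the DLL path in it is hypothetical."""
import re

APPINIT_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)

# Constructed .reg export: native view armed with a hypothetical DLL, WOW64 view clean.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Users\\Public\\Libraries\\hook_example.dll"
"LoadAppInit_DLLs"=dword:00000001
"RequireSignedAppInit_DLLs"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000
"""


def parse_reg_export(text):
    """Parse the .reg subset needed here: [key] headers, "name"="string" (with
    backslash escapes) and "name"=dword:hex. Returns {key: {name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = re.match(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:
                name, dword, string = m.groups()
                keys[current][name] = (int(dword, 16) if dword is not None
                                       else string.replace('\\"', '"').replace("\\\\", "\\"))
    return keys


def parse_appinit_dlls(value):
    """AppInit_DLLs holds DLL paths separated by spaces or commas, optionally quoted."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]+)"|([^\s,]+)', value)]


def assess_appinit(values):
    """values: {name: value} read from one of APPINIT_KEYS. Returns (active, dlls, note).
    user32.dll injects the listed DLLs into every process that maps it only while
    LoadAppInit_DLLs is 1; RequireSignedAppInit_DLLs == 1 limits that to
    Authenticode-signed DLLs. Caveat a registry read cannot see: Windows 8 and later
    ignore AppInit_DLLs entirely when Secure Boot is enabled."""
    dlls = parse_appinit_dlls(values.get("AppInit_DLLs") or "")
    if not dlls:
        return False, [], "AppInit_DLLs is empty"
    if values.get("LoadAppInit_DLLs") != 1:
        return False, dlls, "DLLs listed but LoadAppInit_DLLs != 1: dormant, still triage the DLLs"
    if values.get("RequireSignedAppInit_DLLs") == 1:
        return True, dlls, "active, limited to Authenticode-signed DLLs"
    return True, dlls, "active: listed DLLs load into every process that maps user32.dll"


def assess_export(text):
    """Evaluate both the native and the WOW64 AppInit key found in a .reg export."""
    keys = parse_reg_export(text)
    return {k: assess_appinit(keys[k]) for k in APPINIT_KEYS if k in keys}


def read_live_appinit():
    """Same assessment against the running host's registry; returns [] off Windows."""
    try:
        import winreg
    except ImportError:
        return []
    out = []
    for key in APPINIT_KEYS:
        sub = key.split("\\", 1)[1]                       # drop the HKLM prefix
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub) as h:
                values = {}
                for name in ("AppInit_DLLs", "LoadAppInit_DLLs", "RequireSignedAppInit_DLLs"):
                    try:
                        values[name] = winreg.QueryValueEx(h, name)[0]
                    except FileNotFoundError:
                        pass
        except OSError:
            continue
        out.append((key, assess_appinit(values)))
    return out


if __name__ == "__main__":
    for key, verdict in assess_export(SAMPLE_REG_EXPORT).items():
        print(key, verdict)
    for key, verdict in read_live_appinit():
        print("LIVE", key, verdict)
```

A listed DLL with LoadAppInit_DLLs cleared is reported as dormant rather than ignored: the value can be flipped back on by the same malware or by a later stage, and the DLL itself is still an artifact worth hashing and comparing against the report's "Loads dropped DLL" behaviour.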

MITRE ATT&CK Enterprise v15
