General

  • Target

    94c10238fcf5a2824e580cfcd2a627d0N

  • Size

    4.6MB

  • Sample

    240909-g3mveaxfmh

  • MD5

    94c10238fcf5a2824e580cfcd2a627d0

  • SHA1

    519bed23bd5a26122e729d9aab41d0162a00b9c2

  • SHA256

    fccc0ee330766c969f64dc541ced20dce63b6937f3ba9836a422d84a254ec370

  • SHA512

    9a408ef8047e587be58e4485e1c174be075ee817b807a10858604bbbc67771ba6b72cd80a0e8452ac98db6cd80f8ce414c8be2f2abaec8ad34c9576fabc74f95

  • SSDEEP

    98304:IKv0C0FHOA2YzovWuE+ETFN0aOGMIXXa3G:I/C0FvkZErDVOmoG

Malware Config

Targets

    • Target

      94c10238fcf5a2824e580cfcd2a627d0N

    • Size

      4.6MB

    • MD5

      94c10238fcf5a2824e580cfcd2a627d0

    • SHA1

      519bed23bd5a26122e729d9aab41d0162a00b9c2

    • SHA256

      fccc0ee330766c969f64dc541ced20dce63b6937f3ba9836a422d84a254ec370

    • SHA512

      9a408ef8047e587be58e4485e1c174be075ee817b807a10858604bbbc67771ba6b72cd80a0e8452ac98db6cd80f8ce414c8be2f2abaec8ad34c9576fabc74f95

    • SSDEEP

      98304:IKv0C0FHOA2YzovWuE+ETFN0aOGMIXXa3G:I/C0FvkZErDVOmoG

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks