General

  • Target

    476665a4f22c7c349940908c36e19e10N

  • Size

    420KB

  • Sample

    240909-h9jl1azcjd

  • MD5

    476665a4f22c7c349940908c36e19e10

  • SHA1

    891459c6743046197e38ab276f894db6dab46d2b

  • SHA256

    6c1b37fe5d62167443ca8866603abcfdfef1fc7a1caf8d270fc416bbfe92e9f5

  • SHA512

    abe9f775687340fd45212449c05689ca086a888babab5c8bab7170214acb548e6d1761a2e1df624925f64477b30340d52283a4bf1a1af39e063af887cd2cf295

  • SSDEEP

    6144:BNZtW+lbGX9CAOgAOr+Z2K/lTDaBV+UdvrEFp7hKox:BlPGX9CuZJQlKBjvrEH7Lx

Malware Config

Targets

    • Target

      476665a4f22c7c349940908c36e19e10N

    • Size

      420KB

    • MD5

      476665a4f22c7c349940908c36e19e10

    • SHA1

      891459c6743046197e38ab276f894db6dab46d2b

    • SHA256

      6c1b37fe5d62167443ca8866603abcfdfef1fc7a1caf8d270fc416bbfe92e9f5

    • SHA512

      abe9f775687340fd45212449c05689ca086a888babab5c8bab7170214acb548e6d1761a2e1df624925f64477b30340d52283a4bf1a1af39e063af887cd2cf295

    • SSDEEP

      6144:BNZtW+lbGX9CAOgAOr+Z2K/lTDaBV+UdvrEFp7hKox:BlPGX9CuZJQlKBjvrEH7Lx

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks