General

  • Target

    5161cf5a44a962f9855f10b9b98a841af4263f511c5bd54912da6352bba40994

  • Size

    234KB

  • Sample

    240909-nqagwawajq

  • MD5

    31e880ad362e1ea1b435f3ec8b1da16b

  • SHA1

    bd1daf68aaf7b47cb80e10254eb8324019e52ea9

  • SHA256

    5161cf5a44a962f9855f10b9b98a841af4263f511c5bd54912da6352bba40994

  • SHA512

    f16e271525effb21e747cb49c6b9ebd57fe098004e1abe92cb1ab1b00eb30a912d63cad80957024cbf52cd41c33218c0fc717c5fbd8e64bdcc940a9bb8160ed9

  • SSDEEP

    6144:b2iP/aK2h91OH/B+/kBV+UdvrEFp7hKx6:bLP/aK2lOfB+sBjvrEH7C6

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect software protector.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks