General

  • Target

    202409107161832bb856c1f9d0e02ffa1618f12ffloxifhijackloadericedid

  • Size

    2.1MB

  • Sample

    240910-ham55ssakd

  • MD5

    7161832bb856c1f9d0e02ffa1618f12f

  • SHA1

    e31224daad163e30b338bfadf9d806dbd6c8d6d5

  • SHA256

    13e742a80e011cfacd555eddbaab5639c17a1bf66e6ea022ce41585df223527d

  • SHA512

    54573982d9ecc2d5723e82f92288cd7ad28f5fbdb68cfdba7ff88063bcb54119a68c23d35b74b0e06a4599ffd115ba8123315eb530782d56b96028245b11f2eb

  • SSDEEP

    49152:V8PsZNCH5OAxh5f1fWtfxaPZXbuo3j5XpI:uPsZu5OA4fxaPhbuo3j5XpI

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
