General

  • Target

    2024091094846960886bd80460316cf023cf6909avoslockerfloxifrevil

  • Size

    2.2MB

  • Sample

    240910-hcbj5azhkn

  • MD5

    94846960886bd80460316cf023cf6909

  • SHA1

    7ed8c1caf2d8b7d3899af95a950d49ab81c7939a

  • SHA256

    91a4d6d8d86c2d05b8ea40037a908401724e03aff6ba762eed413757652d3cbe

  • SHA512

    f9678c34e04348b4b289b5cc08295668961ffbbcb8194a79bd591314f492d9a03eea0d746e4f11d413a74bf772d2bb2cc281f893fce31af416b649466c5a902d

  • SSDEEP

    49152:Jxp462cSrHt/BqUqMdFHMRU7tPAqRmruhGMrI6pf4:Jxp4hcSrHtp5jCqRmB

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks