General

  • Target

    019de07962170962dcfd600ab40e14d8c1520633c95b511e4d245403a41d76a3

  • Size

    4.3MB

  • Sample

    240913-vg3kmaycna

  • MD5

    d8f18482ecc91109fc0760b6b79d77cf

  • SHA1

    08f6f9d3d23b636c3cbfe088b65477bfcef41e1b

  • SHA256

    019de07962170962dcfd600ab40e14d8c1520633c95b511e4d245403a41d76a3

  • SHA512

    1b4b719b7c2f97802a09cf74806ae645481102c3d828a8b205255b992f974d490417b38add7cb286e20608b6f3d4a5e6a58e56fab11a217728027fc50dd6c132

  • SSDEEP

    49152:XZXI/0pnoJ4B2BSeGz7UpU1EM+UH8aE5fcSv7pqiEUPdPzTZ0d5EHHRfedixeVmU:2YnzYUz7UieM+U5YcEoXVtZYs

Targets

    • Target

      019de07962170962dcfd600ab40e14d8c1520633c95b511e4d245403a41d76a3

    • Floxif, Floodfix

      Floxif (also known as FloodFix) is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. The DLLs named in the AppInit_DLLs registry value are loaded by user32.dll into every process that links it, provided LoadAppInit_DLLs is enabled; on Windows 8 and later the mechanism is disabled while Secure Boot is on, so this hit matters most on older hosts or on hosts without Secure Boot.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect 1.3x-1.4x, a commercial packer/protector; the sample must be unpacked before static analysis is meaningful.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX, including modified builds of the open-source packer.

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive, behaviour typical of a file infector looking for further executables to modify.
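The AppInit DLLs signature above points at a specific registry configuration, and the practical check on a host is to read it. The script below is an added example, not part of the sandbox report or of the Floxif sample: assess_appinit() scores the AppInit_DLLs, LoadAppInit_DLLs and RequireSignedAppInit_DLLs values of one key (the severity labels are the example's own), and audit_live_system() reads both the native and the Wow6432Node key with winreg on a Windows host. Treating a missing LoadAppInit_DLLs value as disabled is an assumption; the default differs between Windows versions, so an absent value should be confirmed rather than trusted.

```python
"""Audit the AppInit_DLLs persistence mechanism (ATT&CK T1546.010).

Added example: assess_appinit() is pure and runs anywhere; the live audit
needs winreg and therefore a Windows host.
"""
import sys
from dataclasses import dataclass

# Registry locations that control AppInit DLLs. On 64-bit Windows the
# Wow6432Node key governs 32-bit processes, so both must be inspected.
APPINIT_KEYS = (
    r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)


@dataclass
class AppInitFinding:
    key: str
    dlls: list
    load_enabled: bool
    require_signed: bool
    severity: str  # example's own labels: none / low / medium / high


def parse_dll_list(value):
    """AppInit_DLLs is a REG_SZ; entries are separated by spaces or commas."""
    if not value:
        return []
    return [p for p in value.replace(",", " ").split() if p]


def assess_appinit(key, values):
    """Score one key. `values` maps value name -> data as read from the registry."""
    dlls = parse_dll_list(values.get("AppInit_DLLs", ""))
    # Assumption: a missing LoadAppInit_DLLs is treated as disabled (0).
    load_enabled = values.get("LoadAppInit_DLLs", 0) == 1
    require_signed = values.get("RequireSignedAppInit_DLLs", 0) == 1
    if not dlls:
        severity = "none"
    elif load_enabled and not require_signed:
        severity = "high"      # unsigned DLLs will be loaded into processes
    elif load_enabled:
        severity = "medium"    # loaded only if the DLL carries a valid signature
    else:
        severity = "low"       # configured but the loader switch is off
    return AppInitFinding(key, dlls, load_enabled, require_signed, severity)


def read_key_values(key):
    """Read every value under HKLM\\<key>; returns {} if the key is absent."""
    import winreg  # Windows-only module, imported lazily on purpose
    out = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(handle, index)
                except OSError:
                    break  # no more values
                out[name] = data
                index += 1
    except OSError:
        pass
    return out


def audit_live_system():
    """Assess both AppInit keys on the current Windows host."""
    return [assess_appinit(k, read_key_values(k)) for k in APPINIT_KEYS]


if __name__ == "__main__":
    if sys.platform != "win32":
        print("live audit needs Windows; feed exported values to assess_appinit() instead")
    else:
        for finding in audit_live_system():
            print(finding)
```

A "high" finding is only actionable once the listed DLL paths have been hashed and checked against the sample's dropped files; the registry value alone does not say which binary wrote it.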

MITRE ATT&CK Enterprise v15