General

  • Target

    a7204ed059a0400bd8eb60b8b7e3f930N

  • Size

    2.1MB

  • Sample

    240914-hjaw6s1hlf

  • MD5

    a7204ed059a0400bd8eb60b8b7e3f930

  • SHA1

    065e191e19939201f7528f33a4cb44457cce5e06

  • SHA256

    2d85f4f0742d881ae1f896f76b9cb64abfcd31b71d89d1292cb70e651b0819be

  • SHA512

    7e185f5888b1debb48654f2d360390a5d9a5780daa1b76201c3e7f46603e095f620984735e0c5ef958d68caef52687fbe0b213edfd1888041b0381d09361d4c8

  • SSDEEP

    49152:cVlvpIwHo5EbQfXvBIsyBjuv11f1jKwsRAVnB7k:8hpC5E0vJTCjut1qyVnO

Malware Config

Targets

    • Target

      a7204ed059a0400bd8eb60b8b7e3f930N

    • Floxif, Floodfix

      Floxif, a.k.a. FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks