General

  • Target

    6c0d8b60099607083db29d7a59385a70N

  • Size

    6.3MB

  • Sample

    240914-ldgz3swhqk

  • MD5

    6c0d8b60099607083db29d7a59385a70

  • SHA1

    97e40f1b0d753811c25185a6a70a5d9ad23f5cf6

  • SHA256

    d804ef65dda1d0e88d3df4f9eb487db6188685b3b27e91e7d96c6340f884ada3

  • SHA512

    e23523ce0b599f8c764a2f0e236f62512a254ed9263ed9e61812237d06543aa39f814a27f497e67783ea4029d46b8cf7f634bc00fd6e92e4475ca6514df91786

  • SSDEEP

    196608:7DXbNtDd/M3Cp3XHTPXBs72S3CKCXCv2a/Aq:7DXht5/M3CpHzPXOR39Uk20v

Malware Config

Targets

    • Target

      6c0d8b60099607083db29d7a59385a70N

    • Size

      6.3MB

    • MD5

      6c0d8b60099607083db29d7a59385a70

    • SHA1

      97e40f1b0d753811c25185a6a70a5d9ad23f5cf6

    • SHA256

      d804ef65dda1d0e88d3df4f9eb487db6188685b3b27e91e7d96c6340f884ada3

    • SHA512

      e23523ce0b599f8c764a2f0e236f62512a254ed9263ed9e61812237d06543aa39f814a27f497e67783ea4029d46b8cf7f634bc00fd6e92e4475ca6514df91786

    • SSDEEP

      196608:7DXbNtDd/M3Cp3XHTPXBs72S3CKCXCv2a/Aq:7DXht5/M3CpHzPXOR39Uk20v

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks