General

  • Target

    Virus.Win32.Floxif.H-a177fa8b3b8ff8996000f67a6d20955fadc8eec8fa9ddf455894ff9b213cd591-NeikiAnalytics

  • Size

    5.0MB

  • Sample

    240915-rl8qnaxclb

  • MD5

    627af27c5f977992d00e6edaeb0c6a90

  • SHA1

    635aa5f91049d960c8ddf1e438f7868dd5ab952e

  • SHA256

    a177fa8b3b8ff8996000f67a6d20955fadc8eec8fa9ddf455894ff9b213cd591

  • SHA512

    b66fd324c2a986555f6fda43b0efb7c97f116b79be2d8468cf4ee0160d68bfec93c0f8e7fd8be82e053bbd11593902b7463579d5554e5261e4619cbaadddc0b6

  • SSDEEP

    98304:9BI8/pCVmdbx2rU/xFnTBU8UeNeagEXtIgvjyGFDdo85qyKYr5NM62dNKViClWPC:9hvx2rw5Th8XeNyGtW0DJr5uDdQdWPeR

Malware Config

Targets

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect packer.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks