General

  • Target

    PasswdRenew.exe

  • Size

    379KB

  • Sample

    240916-1bgzma1ajq

  • MD5

    c3dd171a54d224a428624aee75841a27

  • SHA1

    b0aa61f4cf65f87e948deaead3b46ff5c1c1d3a0

  • SHA256

    4b0901fd019cb1d7a162fdd054fb02707ff164e88a8b0dbaead9475b46627cd4

  • SHA512

    2e98f9af97593f552ac2e1f9854b0959508d0002e65fd74e1040786dace5aabe3b04abe98225e89dea63e89171f417d98cdada98ae6b32d26610314b0cfabf94

  • SSDEEP

    6144:3wacFaJEm5UMbpd9TN7J8jHPPm9W2CC/ELi03WIPX891HmaLS+eBV+UdvrEFp7hD:/cFa6mWmpdb74+Q5iELi03WIf891bS7e

Malware Config

Targets

    • Target

      PasswdRenew.exe

    • Size

      379KB

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks