General

  • Target

    UXZBlVvceYkzKW.exe.tmp

  • Size

    213KB

  • Sample

    240916-z74b3azgmk

  • MD5

    4269785c9f274293e6dff2da2b1c217d

  • SHA1

    0530c42913d67b5322331035c5feda43910b96fb

  • SHA256

    f25776c6a4975ef0708a24e9d4d2a147cb25441736a670e7aa4d6c3a6378bdec

  • SHA512

    741d3ca596f4c07559915478916eeab25d07be325384bac20f62764491386a95c819b5af7a97c692d31686a583b7f70fcb3b94158c7473e84d4885d8dfa91ceb

  • SSDEEP

    6144:ip1kSdQ6mCtnRPF9cCGr/uHkBV+UdvrEFp7hKpUrb:ip1kinRNh4uHkBjvrEH72Urb

Malware Config

Targets

    • Target

      UXZBlVvceYkzKW.exe.tmp

    • Size

      213KB

    • MD5

      4269785c9f274293e6dff2da2b1c217d

    • SHA1

      0530c42913d67b5322331035c5feda43910b96fb

    • SHA256

      f25776c6a4975ef0708a24e9d4d2a147cb25441736a670e7aa4d6c3a6378bdec

    • SHA512

      741d3ca596f4c07559915478916eeab25d07be325384bac20f62764491386a95c819b5af7a97c692d31686a583b7f70fcb3b94158c7473e84d4885d8dfa91ceb

    • SSDEEP

      6144:ip1kSdQ6mCtnRPF9cCGr/uHkBV+UdvrEFp7hKpUrb:ip1kinRNh4uHkBjvrEH72Urb

    • Floxif, Floodfix

      Floxif (also known as FloodFix) is a file-infecting trojan and backdoor written in C++; it patches executables and DLLs on disk rather than running as a standalone binary, so the detection hit on this .tmp file should be read as an infected carrier, not necessarily the dropper itself.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
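Two of the signatures above (the hash identity of the sample and the "UPX packed file" hit) can be reproduced offline with a few lines of standard-library Python. The block below is an added example and is not code from the report or from the sandbox vendor: it matches a file's hashes against the indicators listed on this page, and it implements a section-name heuristic for UPX packing (the `UPX0`/`UPX1` section names UPX writes by default). That heuristic is an assumption about how a packer check might work, not the sandbox's actual rule, and it will miss modified UPX builds that rename their sections. Because the sample itself is not included, the PE passed to the parser is a constructed headers-only stand-in built by `build_fake_pe`.

```python
"""Hash-based IOC matching and a UPX section-name heuristic (added example).

IOC_HASHES are copied from the report for UXZBlVvceYkzKW.exe.tmp. build_fake_pe()
produces a constructed, headers-only PE so the parser can be exercised without
the real sample; it is not the sample and will not match the IOCs.
"""
import hashlib
import struct

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "4269785c9f274293e6dff2da2b1c217d",
    "sha1": "0530c42913d67b5322331035c5feda43910b96fb",
    "sha256": "f25776c6a4975ef0708a24e9d4d2a147cb25441736a670e7aa4d6c3a6378bdec",
}


def file_hashes(data: bytes) -> dict:
    """Compute the same digest set the report lists (ssdeep needs a third-party lib and is omitted)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(data: bytes) -> set:
    """Return the names of the report's hashes that this file matches (empty set = no match)."""
    computed = file_hashes(data)
    return {alg for alg, value in IOC_HASHES.items() if computed[alg] == value}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table; [] if not a well-formed PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    if len(data) < coff + 20:
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]       # COFF.NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]          # COFF.SizeOfOptionalHeader
    table = coff + 20 + opt_size                                      # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]                 # Name is the first 8 bytes
        if len(raw) < 8:
            break                                                     # truncated table: stop, don't guess
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic (assumption, not the sandbox's rule): default UPX output names its sections UPX0/UPX1."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed headers-only PE32 image: DOS stub, PE signature, COFF header, zeroed optional header, sections."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # e_lfanew lives at offset 0x3C
    optional = b"\0" * 224                                            # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional), 0x0102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections


def scan(data: bytes) -> dict:
    """One-shot verdict for a file's bytes: hash hits against the report plus the packer heuristic."""
    return {"ioc_hits": sorted(match_iocs(data)),
            "sections": pe_section_names(data),
            "upx_like": looks_upx_packed(data)}


if __name__ == "__main__":
    import sys
    # Pass a real file path to check it against the report; otherwise scan the constructed stand-in.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print(scan(blob))
```

Run it against a quarantined copy of the file to confirm it is the same sample the report describes; a SHA256 hit is sufficient, and an MD5-only hit on a file whose SHA256 differs should be treated as a collision or a data-entry error rather than a match.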

MITRE ATT&CK Enterprise v15

Tasks