General

  • Target

    HPWMISVC.exe

  • Size

    693KB

  • Sample

    240916-zj8lwayfld

  • MD5

    23132bd8b08ba544768c588810114529

  • SHA1

    86b3fd59963d5176ab2bc6a4d7db3dead2214930

  • SHA256

    4e49ca7ef854b2310d20010314e32512482800ae5960cd85513256f6e9ff902f

  • SHA512

    eb06358581fa3cc46b7ecb3b3ef30dfe6545fdba3ae0217bf1badbd46343be22ae44965f008a02c4a7287b7cff965754bbceac3c0752f3a8b69882c09b78c47b

  • SSDEEP

    6144:iIuCPU/DSma6Mto6/hzAY/zHEtTJAJMm7rBV+UdvrEFp7hKKyt:iA+DSmHXWhe87rBjvrEH7Mt

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks