General

  • Target

    setup.exe

  • Size

    525KB

  • Sample

    240917-a14ltayand

  • MD5

    5aa5797d40567350ee3bbc417ed9cf0b

  • SHA1

    b7e5323a938b2f11b203e1cec274d9e0b9c41712

  • SHA256

    ec648643e91d914351ee61e3784d38d6011ab2c7bf8ed00869ec45f1a7dd1df3

  • SHA512

    9af5ea2e56eff8792327a744e48ee0e74320a7054743dc5ca7bf0df99707858e65492b343b1f53037ee57d3e5e053a7b998d6de896d2d422dcd97e8391b068d9

  • SSDEEP

    12288:V7ImWvFC+nhmuF3Y0sc0eDuUlXkCajKeBjvrEH7u7:V7yg+F3YlViKrEH7u7

Malware Config

Targets

    • Target

      setup.exe

    • Size

      525KB

    • MD5

      5aa5797d40567350ee3bbc417ed9cf0b

    • SHA1

      b7e5323a938b2f11b203e1cec274d9e0b9c41712

    • SHA256

      ec648643e91d914351ee61e3784d38d6011ab2c7bf8ed00869ec45f1a7dd1df3

    • SHA512

      9af5ea2e56eff8792327a744e48ee0e74320a7054743dc5ca7bf0df99707858e65492b343b1f53037ee57d3e5e053a7b998d6de896d2d422dcd97e8391b068d9

    • SSDEEP

      12288:V7ImWvFC+nhmuF3Y0sc0eDuUlXkCajKeBjvrEH7u7:V7yg+F3YlViKrEH7u7

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks