General

  • Target

    Patch.exe

  • Size

    978KB

  • Sample

    240917-a5bftsycpn

  • MD5

    4e92e494a6922fd591cdc0c466f438bf

  • SHA1

    366912ae55e634331fc3dd53219cc59c054e5835

  • SHA256

    f5c354f56b4eaa2068842287292e797ede967696410c4666faf3efd2a96ee264

  • SHA512

    88b1cc5fe54492e9d2a5fdd11dd31dab0737c0c0d6e6f215b4dda705bf2e2ffb8753c25d21b5d03ffed53c15e140eee1edb792beaa8b3985b7781d5a79b5bdc3

  • SSDEEP

    24576:wb1E5jgvmvSZW/SmUeeQYEE8N5z/NH8w5j7frEH7S:wI8mIW/ce683/Ncq
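Before detonating a file that claims to be this sample, it is worth confirming it really is the reported Patch.exe and getting a first look at the packer. The following Python is an added example for this page, not part of the report or of any sandbox tooling: it hashes a file in one pass with all four algorithms listed above, compares against the published values, and walks the PE section table for the section names stock UPX writes (the UPX signature is listed under Targets). `build_fake_pe` is a constructed PE skeleton used only to exercise the parser; it is not derived from this sample.

```python
import hashlib
import struct
from pathlib import Path

# Hashes exactly as published in the report above for Patch.exe.
REPORT_IOCS = {
    "md5": "4e92e494a6922fd591cdc0c466f438bf",
    "sha1": "366912ae55e634331fc3dd53219cc59c054e5835",
    "sha256": "f5c354f56b4eaa2068842287292e797ede967696410c4666faf3efd2a96ee264",
    "sha512": "88b1cc5fe54492e9d2a5fdd11dd31dab0737c0c0d6e6f215b4dda705bf2e2ffb"
              "8753c25d21b5d03ffed53c15e140eee1edb792beaa8b3985b7781d5a79b5bdc3",
}
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")

# Section names written by stock UPX; modified builds often rename them,
# so a miss here does not prove the file is unpacked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def hash_stream(chunks) -> dict:
    """Feed every chunk to all four digests in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20) -> dict:
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def matches_report(hashes: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Per-algorithm comparison; any True means the file is the reported sample."""
    return {algo: hashes.get(algo, "").lower() == value for algo, value in iocs.items()}


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the NUL-trimmed section names.
    Returns [] for anything that is not a parseable PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    return bool(set(pe_section_names(data)) & UPX_SECTION_NAMES)


def build_fake_pe(section_names) -> bytes:
    """Constructed, non-executable PE skeleton used only to exercise the parser."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0                           # size of a PE32 optional header
    coff = struct.pack("<IHHIIIHH", 0x00004550, 0x14C, len(section_names),
                       0, 0, 0, opt_size, 0x102)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return bytes(dos) + coff + b"\0" * opt_size + sections


def triage(data: bytes) -> dict:
    hashes = hash_bytes(data)
    return {
        "hashes": hashes,
        "is_reported_sample": any(matches_report(hashes).values()),
        "upx_packed": looks_upx_packed(data),
        "sections": pe_section_names(data),
    }


if __name__ == "__main__":
    import sys
    print(triage(Path(sys.argv[1]).read_bytes()))
```

Run it as `python triage.py Patch.exe`. A hash match settles identity; the section-name check is only a hint, since a packed file with renamed sections (or the ACProtect layer this report also flags) will not show UPX names.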

Malware Config

Targets

    • Floxif, Floodfix

      Floxif (also known as FloodFix) is a file-infecting trojan and backdoor written in C++; it modifies executable files on disk to carry its payload.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs (T1546.010)

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. DLLs listed in the AppInit_DLLs registry value are loaded into every process that loads user32.dll.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
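The AppInit DLLs persistence flagged above comes down to three registry values under the Windows NT\CurrentVersion\Windows key (plus its Wow6432Node view on x64). The following Python is an added example for this page, not from the report or from the sandbox: it evaluates those values as an analyst would when checking a host, and reads them live on Windows. The DLL path in the constructed sample is hypothetical and is not an indicator from this report.

```python
import re
import sys

# Registry keys that hold the AppInit values (64-bit and WOW64 views on x64).
APPINIT_KEYS = (
    r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)
APPINIT_VALUES = ("AppInit_DLLs", "LoadAppInit_DLLs", "RequireSignedAppInit_DLLs")


def split_appinit_list(raw: str) -> list:
    """AppInit_DLLs is a space- or comma-separated list of DLL paths."""
    return [d for d in re.split(r"[ ,]+", (raw or "").strip()) if d]


def assess_appinit(values: dict, secure_boot: bool = False) -> dict:
    """Decide whether the values would actually cause DLL loading and list what
    an analyst should look at. `values` maps the three value names to their data."""
    dlls = split_appinit_list(values.get("AppInit_DLLs", ""))
    load_enabled = int(values.get("LoadAppInit_DLLs", 0) or 0) == 1
    require_signed = int(values.get("RequireSignedAppInit_DLLs", 0) or 0) == 1
    # Windows 8 and later ignore AppInit_DLLs entirely when Secure Boot is on.
    active = bool(dlls) and load_enabled and not secure_boot
    findings = []
    if dlls:
        findings.append("AppInit_DLLs is non-empty; it is empty on a clean host")
    if active and not require_signed:
        findings.append("unsigned DLLs will be loaded into every process that loads user32.dll")
    for d in dlls:
        # Heuristic: a DLL outside the Windows directory is worth pulling for analysis.
        if not d.lower().startswith(r"c:\windows\\".rstrip("\\") + "\\"):
            findings.append(f"DLL outside the Windows directory: {d}")
    return {
        "dlls": dlls,
        "load_enabled": load_enabled,
        "require_signed": require_signed,
        "active": active,
        "findings": findings,
    }


def read_appinit_from_registry() -> list:
    """Windows only: read the live values from both registry views."""
    import winreg
    results = []
    for key_path in APPINIT_KEYS:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path)
        except FileNotFoundError:
            continue
        values = {}
        with key:
            for name in APPINIT_VALUES:
                try:
                    values[name], _ = winreg.QueryValueEx(key, name)
                except FileNotFoundError:
                    pass
        results.append((key_path, assess_appinit(values)))
    return results


# Constructed samples; the DLL path is hypothetical, not an IOC from this report.
SAMPLE_INFECTED = {
    "LoadAppInit_DLLs": 1,
    "AppInit_DLLs": r"C:\ProgramData\example\hook.dll",
    "RequireSignedAppInit_DLLs": 0,
}
SAMPLE_CLEAN = {"LoadAppInit_DLLs": 0, "AppInit_DLLs": "", "RequireSignedAppInit_DLLs": 1}

if __name__ == "__main__":
    if sys.platform == "win32":
        for key_path, verdict in read_appinit_from_registry():
            print(key_path, verdict)
    else:
        print(assess_appinit(SAMPLE_INFECTED))
```

The `active` flag is the part that matters in triage: a non-empty AppInit_DLLs with LoadAppInit_DLLs set to 0, or on a Secure Boot machine, is a leftover rather than live persistence, but the listed DLL should still be collected and hashed.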

MITRE ATT&CK Enterprise v15

Tasks