General

  • Target

    PointBlank.exe

  • Size

    267KB

  • Sample

    240917-av9wmsxgne

  • MD5

    61d6009e1ef224b1f6f1dccdfd7282ed

  • SHA1

    a2481f6acf5e4e75e497dead3f7079c5aa8d4918

  • SHA256

    7337915336df953483e3bcb1159b4407b179a8ca6945cb1352fe054fdc9e273d

  • SHA512

    4e2429223ea323ef22761c3d129464a1ad4dd092520e1c6762e5c39165100a1981cbb80b50e6b75a23f68280cf94c221712224b2e73441aac666704c68c179f4

  • SSDEEP

    6144:+5SZg+1AjVQ3UR+kzqj35QBV+UdvrEFp7hKEmF:S+1P3UR+WqVQBjvrEH7tO

Malware Config

Targets

    • Target

      PointBlank.exe

    • Size

      267KB

    • MD5

      61d6009e1ef224b1f6f1dccdfd7282ed

    • SHA1

      a2481f6acf5e4e75e497dead3f7079c5aa8d4918

    • SHA256

      7337915336df953483e3bcb1159b4407b179a8ca6945cb1352fe054fdc9e273d

    • SHA512

      4e2429223ea323ef22761c3d129464a1ad4dd092520e1c6762e5c39165100a1981cbb80b50e6b75a23f68280cf94c221712224b2e73441aac666704c68c179f4

    • SSDEEP

      6144:+5SZg+1AjVQ3UR+kzqj35QBV+UdvrEFp7hKEmF:S+1P3UR+WqVQBjvrEH7tO

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops desktop.ini file(s)

    • Network Service Discovery

      Attempt to gather information on host's network.

MITRE ATT&CK Enterprise v15

Tasks