General

  • Target

    fhwdeAbkIXbkguqDInkHdQksqPxhzs.exe (copy

  • Size

    213KB

  • Sample

    240917-c289sszfra

  • MD5

    4cf346c90a48934623d66c183100ba7c

  • SHA1

    b3bec8f90bafc9cc2fb6b8c02533eb7831223a58

  • SHA256

    baea614c17f5e5d7fe965fa1c3636719bb3cea125f2f785cae19c81aee49e5c9

  • SHA512

    fb7a8ea941d47f4c37f353b7d66be1e7ca52ff4667bc08f6429ce04a3c6c9b92ba5e808ab7130122f8b3ae34010eb862fe866dacf6759d661e6fb7c72a438e69

  • SSDEEP

    6144:JurkSdQ6mCtnRPF9cCGr/uHkBV+UdvrEFp7hKtUrG:JurkinRNh4uHkBjvrEH7MUrG

Malware Config

Targets

    • Target

      fhwdeAbkIXbkguqDInkHdQksqPxhzs.exe (copy

    • Size

      213KB

    • MD5

      4cf346c90a48934623d66c183100ba7c

    • SHA1

      b3bec8f90bafc9cc2fb6b8c02533eb7831223a58

    • SHA256

      baea614c17f5e5d7fe965fa1c3636719bb3cea125f2f785cae19c81aee49e5c9

    • SHA512

      fb7a8ea941d47f4c37f353b7d66be1e7ca52ff4667bc08f6429ce04a3c6c9b92ba5e808ab7130122f8b3ae34010eb862fe866dacf6759d661e6fb7c72a438e69

    • SSDEEP

      6144:JurkSdQ6mCtnRPF9cCGr/uHkBV+UdvrEFp7hKtUrG:JurkinRNh4uHkBjvrEH7MUrG

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks