General

  • Target

    artifact.bin

  • Size

    164KB

  • Sample

    240917-da5b7s1bmh

  • MD5

    2912b4be41ff409c0ab3593ff5f005e8

  • SHA1

    7b78b19f6a5a0f7cb3170b458dea7a6b7e63f39c

  • SHA256

    744b58826d4ced00ffc5166576dc3985f1bc24d3e847be6f403c26c67936597e

  • SHA512

    498a0d2bd089d87500b8940f3235903d1f7bfc417ec572296687343d8feb90f5662d2490dff92fd6b12f5b87fb40f006a7d5d0a1d33e9eda639b584bd9b3c269

  • SSDEEP

    3072:95rCqOPdiYxFQy58VcGpfJmqMa5R+8PQ0rdDkU3I2lQBV+UdE+rECWp7hKDgSQHP:95ezDFdORmDa5484rfBV+UdvrEFp7hKC

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15