General

  • Target

    artifact.bin

  • Size

    164KB

  • Sample

    240917-dd92vs1djh

  • MD5

    97d0aabdcebe5db1a4704543636a3888

  • SHA1

    6540a7420f736c3ec37eb800060837c513148219

  • SHA256

    185d5b9f85a60341e7ca2611483901e6ad69c08f4efd59db54617eac9367e554

  • SHA512

    5a0ec1012e630d6a8513b6d0c946f6454caf602b5f6945e92b482a25c1a32b35657d8ac86dab38f3bc970d58b90eb7a37cc9e39c1bf53a80f069d8ad4a269505

  • SSDEEP

    3072:35rCqOPgiYxupX58VcGpEqMa5R+8PQ0rdDkUYN2lQBV+UdE+rECWp7hKxgSQu:35ezyunOEDa5484rpBV+UdvrEFp7hKxN

Malware Config

Targets

    • Target

      artifact.bin

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file that uses ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks