General

  • Target

    2024-09-26_5780eb5e3589f0be85ec7a296acecc43_avoslocker_cobalt-strike_floxif

  • Size

    464KB

  • Sample

    240926-fe7z1a1enh

  • MD5

    5780eb5e3589f0be85ec7a296acecc43

  • SHA1

    9b3bfa8c9498d18b8b593af661f6755eda445dd7

  • SHA256

    4b659bd1005658eba8f7cd43339c10340a2fa57035ddc0ea60d8aea712bd7ca2

  • SHA512

    9bf768bd26e399ef68db556fd74a8fc5af55f8c2c7a283b2bb2f372a146beb82d57e354001d35815d90678bb1fe85bd9931c86405c928165dba71f47ab7b9750

  • SSDEEP

    12288:5K3D/88X1JBxkSYnVWqqPIBONhxs7rleBjvrEH7n:50L8E5j/xs7RYrEH7n

Malware Config

Targets

    • Target

      2024-09-26_5780eb5e3589f0be85ec7a296acecc43_avoslocker_cobalt-strike_floxif

    • Size

      464KB

    • MD5

      5780eb5e3589f0be85ec7a296acecc43

    • SHA1

      9b3bfa8c9498d18b8b593af661f6755eda445dd7

    • SHA256

      4b659bd1005658eba8f7cd43339c10340a2fa57035ddc0ea60d8aea712bd7ca2

    • SHA512

      9bf768bd26e399ef68db556fd74a8fc5af55f8c2c7a283b2bb2f372a146beb82d57e354001d35815d90678bb1fe85bd9931c86405c928165dba71f47ab7b9750

    • SSDEEP

      12288:5K3D/88X1JBxkSYnVWqqPIBONhxs7rleBjvrEH7n:50L8E5j/xs7RYrEH7n

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks