General

  • Target

    2024-09-26_7d6ece39e55125608c606b29096428be_avoslocker_cobalt-strike_floxif

  • Size

    464KB

  • Sample

    240926-fhzg2a1gkg

  • MD5

    7d6ece39e55125608c606b29096428be

  • SHA1

    059beffe9adad6988824ae237ca0289fb73ba151

  • SHA256

    348a3e9cf5cc406ad2d5a34e3c96d70e772d9394c323bceb83e4c022377eb795

  • SHA512

    9855889a22d180cef290e5ad50c00fa859a83161209cf203da77cb7e7d18e6e3b0f3ef14beb2451205312d0d6509ec21d0141cfb652ca01106c493dd6ede34e5

  • SSDEEP

    12288:5K3who8X1JBxkSYnVWqqPIBONhxs7rleBjvrEH7M:50wyE5j/xs7RYrEH7M

Malware Config

Targets

    • Target

      2024-09-26_7d6ece39e55125608c606b29096428be_avoslocker_cobalt-strike_floxif

    • Size

      464KB

    • MD5

      7d6ece39e55125608c606b29096428be

    • SHA1

      059beffe9adad6988824ae237ca0289fb73ba151

    • SHA256

      348a3e9cf5cc406ad2d5a34e3c96d70e772d9394c323bceb83e4c022377eb795

    • SHA512

      9855889a22d180cef290e5ad50c00fa859a83161209cf203da77cb7e7d18e6e3b0f3ef14beb2451205312d0d6509ec21d0141cfb652ca01106c493dd6ede34e5

    • SSDEEP

      12288:5K3who8X1JBxkSYnVWqqPIBONhxs7rleBjvrEH7M:50wyE5j/xs7RYrEH7M

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks