General

  • Target

    2024-09-26_8f287a3526f0a091ba602cfe7073bdee_expiro_floxif_icedid

  • Size

    360KB

  • Sample

    240926-fkmk9aydrj

  • MD5

    8f287a3526f0a091ba602cfe7073bdee

  • SHA1

    f542df7f16c0e78b04e8955e9c3e405fffb29f22

  • SHA256

    7d4fe3eb698c7efed9b1764140a7ac0517c20ba3ad52ea6c02bc023fa0a4ffb7

  • SHA512

    424a1f8441eac6cd1b0858b5a0708524afd2abf2e49e4be024774635f363999b2f32720a3afa8852d10dad7ec1f2c6f6703b07b12950018bea1f74dae705ab7f

  • SSDEEP

    6144:REq64tWRYCjhOhn7n4TSIBblt5RSZhlMIoEPssBV+UdvrEFp7hKJG:RQhC7iSIBtR0oEPssBjvrEH7T

Malware Config

Targets

    • Target

      2024-09-26_8f287a3526f0a091ba602cfe7073bdee_expiro_floxif_icedid

    • Size

      360KB

    • MD5

      8f287a3526f0a091ba602cfe7073bdee

    • SHA1

      f542df7f16c0e78b04e8955e9c3e405fffb29f22

    • SHA256

      7d4fe3eb698c7efed9b1764140a7ac0517c20ba3ad52ea6c02bc023fa0a4ffb7

    • SHA512

      424a1f8441eac6cd1b0858b5a0708524afd2abf2e49e4be024774635f363999b2f32720a3afa8852d10dad7ec1f2c6f6703b07b12950018bea1f74dae705ab7f

    • SSDEEP

      6144:REq64tWRYCjhOhn7n4TSIBblt5RSZhlMIoEPssBV+UdvrEFp7hKJG:RQhC7iSIBtR0oEPssBjvrEH7T

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks