General

  • Target

    2024-09-26_b3c7c079425544173acdaee2f10c1abf_avoslocker_cobalt-strike_floxif

  • Size

    464KB

  • Sample

    240926-fnbyxsyfmp

  • MD5

    b3c7c079425544173acdaee2f10c1abf

  • SHA1

    ea5dc4f81792c9a9e80cf55d3786a612c2826304

  • SHA256

    c7675a6623459e9972d35850288d01569ae57e3b05be6222f3fe41f0670d64cf

  • SHA512

    083c8662ce44405131e99c0448f5ca3313ebf4b52af2d57e79943fdc17b188508b104629d8408918f7f30c9cf89bf0dfaf71f7e49e55b9e2a3f573b86de780ec

  • SSDEEP

    12288:5K3wL98X1JBxkSYnVWqqPIBONhxs7rleBjvrEH7M:50wxE5j/xs7RYrEH7M

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks