General

  • Target

    2024-09-26_f9aa60898ab4139a0535a0e68c96a15f_expiro_floxif_icedid

  • Size

    360KB

  • Sample

    240926-fqfd5asbnd

  • MD5

    f9aa60898ab4139a0535a0e68c96a15f

  • SHA1

    fcb73cf94b6079f8d016acf9d7935fd49040caf7

  • SHA256

    4c7d2bf749a4f4752d2e033fac408dcb567e888cbcdfd3476332e134677aff58

  • SHA512

    70303c9a3b5056e1ab3023cf2c0367d1410c1c54e2658b8a8ceb9e3ebd4688207d028c3a56c783996c1017c5c2e10ddb4be1c1f944362f1b8883c334688fbe61

  • SSDEEP

    6144:REq64tWRYCjhOhn7n4T0HBblt5RSZhlMIoEPssBV+UdvrEFp7hKJG:RQhC7i0HBtR0oEPssBjvrEH7T

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks