General

  • Target

    e420585f0416fa0d985d5979b59e8d2cfceeacb655ac86f1c5805e1427175182

  • Size

    433KB

  • Sample

    240926-gkjp2atfjc

  • MD5

    c283635bf31e12b2a20dc12a9d5c012f

  • SHA1

    883cb98bc588360ea29bc15c61be47e5b6a62645

  • SHA256

    e420585f0416fa0d985d5979b59e8d2cfceeacb655ac86f1c5805e1427175182

  • SHA512

    4b6d06842175a1e539a0957787ca6d0754256c2a06170fa9fcb8bda5ffd8ae51eb22d9cef16d29bfa7e6fc7717e2687abcbd4ac9f8182c72bbe95dd54adc7aa4

  • SSDEEP

    12288:R/wlw5kfMQrHlzXzA8ZZeOeuRgvLOBuag1EosxKq8kDfyh2KZ1qq2A/5Cd3jmKAF:+5O0g+g+x/1fcrz2A/5Cd3jmjrEH7u

Malware Config

Targets

    • Floxif, FloodFix

      Floxif (also known as FloodFix) is a file-infecting trojan and backdoor written in C++. It patches other executables on the host rather than only running as a standalone process, which is consistent with the drive enumeration and dropped-DLL behaviour listed below.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. The DLLs named in the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (and under the Wow6432Node view for 32-bit processes) are loaded by user32.dll into every process that loads it, provided LoadAppInit_DLLs is 1. On Windows 8 and later with Secure Boot enabled the mechanism is disabled, so the registry write is an indicator of attempted persistence rather than proof that injection is active.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect (a commercial packer/protector, versions 1.3x to 1.4x, DLL edition). Together with the UPX match below this means static analysis of the file on disk sees packed code rather than the payload; unpack it, or dump it from memory, before looking for strings or imports.

    • Loads dropped DLL

      The sample writes a DLL to disk during execution and then loads it into a process.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive, consistent with a file infector looking for additional volumes to spread to.

    • UPX packed file

      Detects executables packed with UPX or a modified UPX build. Stock UPX output can be restored with upx -d; modified builds alter headers or section names so that the stock tool refuses the file, and the sample must then be unpacked manually or dumped from memory.

MITRE ATT&CK Enterprise v15

Tasks