General

  • Target

    2024-10-17_edc233da84df0ff3e06ce73615149d5c_floxif_icedid

  • Size

    1.1MB

  • Sample

    241017-br8d3sxhkj

  • MD5

    edc233da84df0ff3e06ce73615149d5c

  • SHA1

    9e03ee023a8f4b0a32e3835bf2eef65d8ba51228

  • SHA256

    76ce756e174ee90799c0218a75927b01e77a0f61c0313253ea1817778e102c6b

  • SHA512

    c3c5ed38d107d1e0e50caa0b99640a1336216d83a2e7c31c211d30bab53794e739881cbd8d4596c40af3c0a4ada9e60a68660770bdbcc5b0c641e03d91a5b475

  • SSDEEP

    12288:rSQTYNP57JF0ogGHTi2/zb8K90B0jkQ4Bb57I19X2lB7KuR7BjvrEH7On:7TYNVPi27b8a0HBBbQGb+8BrEH7q

Malware Config

Targets

    • Target

      2024-10-17_edc233da84df0ff3e06ce73615149d5c_floxif_icedid

    • Size

      1.1MB

    • MD5

      edc233da84df0ff3e06ce73615149d5c

    • SHA1

      9e03ee023a8f4b0a32e3835bf2eef65d8ba51228

    • SHA256

      76ce756e174ee90799c0218a75927b01e77a0f61c0313253ea1817778e102c6b

    • SHA512

      c3c5ed38d107d1e0e50caa0b99640a1336216d83a2e7c31c211d30bab53794e739881cbd8d4596c40af3c0a4ada9e60a68660770bdbcc5b0c641e03d91a5b475

    • SSDEEP

      12288:rSQTYNP57JF0ogGHTi2/zb8K90B0jkQ4Bb57I19X2lB7KuR7BjvrEH7On:7TYNVPi27b8a0HBBbQGb+8BrEH7q

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks