General

  • Target

    3e2dd8998f26cf3c989d8ac3fe1cd9906ccd6787894867c56c9815a500598630N

  • Size

    140KB

  • Sample

    241026-dl6dmszepl

  • MD5

    0295b16fd68bd3078ef34017b93c93a0

  • SHA1

    d13961b7bb9271af9eb9422927b33237e624eb0c

  • SHA256

    3e2dd8998f26cf3c989d8ac3fe1cd9906ccd6787894867c56c9815a500598630

  • SHA512

    0f46fd342f52dcf1e895d61f64bfe9d8b6d75c8c5adc1369ae57110fdbe8affaa66d1eb5f0ae8317b8d5940720a9595d2064c6430ef6bce1e26cedbffcc6a825

  • SSDEEP

    3072:SjbfwkAbfZ2lQBV+UdE+rECWp7hKbNSGr:S3ytBV+UdvrEFp7hKV

Malware Config

Targets

    • Target

      3e2dd8998f26cf3c989d8ac3fe1cd9906ccd6787894867c56c9815a500598630N

    • Size

      140KB

    • MD5

      0295b16fd68bd3078ef34017b93c93a0

    • SHA1

      d13961b7bb9271af9eb9422927b33237e624eb0c

    • SHA256

      3e2dd8998f26cf3c989d8ac3fe1cd9906ccd6787894867c56c9815a500598630

    • SHA512

      0f46fd342f52dcf1e895d61f64bfe9d8b6d75c8c5adc1369ae57110fdbe8affaa66d1eb5f0ae8317b8d5940720a9595d2064c6430ef6bce1e26cedbffcc6a825

    • SSDEEP

      3072:SjbfwkAbfZ2lQBV+UdE+rECWp7hKbNSGr:S3ytBV+UdvrEFp7hKV

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • Detects Floxif payload

    • Disables RegEdit via registry modification

    • Event Triggered Execution: Image File Execution Options Injection

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks