General

  • Target

    3e45ff1f6106ec9c03f087a850242e2c15204f58211d5a46fdf865339b30e267N

  • Size

    197KB

  • Sample

    241030-rhw8fsvenb

  • MD5

    738367c8e98dce7961442cd6bc28bb20

  • SHA1

    da85364982841c6785e77ab4043a305013b6c985

  • SHA256

    3e45ff1f6106ec9c03f087a850242e2c15204f58211d5a46fdf865339b30e267

  • SHA512

    d4c2aa7370180ad31601ab55af0e112cab3c23158f0fed24e3981d2f1bca5debfc14f8d6243698d4937cdacf508ab4de276a84f267d25cc94d8751e9169b8c8e

  • SSDEEP

    6144:Vy9B1eErXazPz/kKsQvMRlkM4RD/qzMfUnz:89B1euOLfMRGM4h/qofyz

Malware Config

Targets

    • Target

      3e45ff1f6106ec9c03f087a850242e2c15204f58211d5a46fdf865339b30e267N

    • Size

      197KB

    • MD5

      738367c8e98dce7961442cd6bc28bb20

    • SHA1

      da85364982841c6785e77ab4043a305013b6c985

    • SHA256

      3e45ff1f6106ec9c03f087a850242e2c15204f58211d5a46fdf865339b30e267

    • SHA512

      d4c2aa7370180ad31601ab55af0e112cab3c23158f0fed24e3981d2f1bca5debfc14f8d6243698d4937cdacf508ab4de276a84f267d25cc94d8751e9169b8c8e

    • SSDEEP

      6144:Vy9B1eErXazPz/kKsQvMRlkM4RD/qzMfUnz:89B1euOLfMRGM4h/qofyz

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Network Service Discovery

      Attempt to gather information on host's network.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks