General

  • Target

    f37fb0cc98c0f4daa78038ae7c8fb5de1d19d567a233641e58c44227a2ed0fe6N

  • Size

    154KB

  • Sample

    241030-rqfknstnfw

  • MD5

    77c37e1e7c76f59f9be3490d149e4c80

  • SHA1

    daeedd17731c0606bbaf73b3550015bc99dbf1d9

  • SHA256

    f37fb0cc98c0f4daa78038ae7c8fb5de1d19d567a233641e58c44227a2ed0fe6

  • SHA512

    51e2685bb022ead3b530ef495f0e85f57f88d5caa44abea1b7ba6e469c9aec38e3fb803464e65936f72378f5cabb89ca9e58d05f2306baf9d785b463ed74f47e

  • SSDEEP

    3072:B4apgg/U31phXXVlb8PurRW+gR+JrwXrbdy5Jb2lQBV+UdE+rECWp7hKVSm8:HgjXwurRWur2Pdy5JfBV+UdvrEFp7hK+

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect packer.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks