General

  • Target

    a92654e3d041b3fe9dce1875b921f8c109764a781e5060e0a489fa8482b46838N

  • Size

    463KB

  • Sample

    241109-f6qj2a1pcq

  • MD5

    89e23d8fb8f3c9ea8d94ff9aa74869a0

  • SHA1

    d1d22c85e9209870cbd84b9c83b06a5a5a339ae3

  • SHA256

    a92654e3d041b3fe9dce1875b921f8c109764a781e5060e0a489fa8482b46838

  • SHA512

    3d98b2eefeb5e95e365081d12137e6a45218afa0c9c7420c2c39aa1e51954576921ab1c513a4cdd72c61b01ed577ed53ea50ef8d18c4f6bba53b05fccfdcee40

  • SSDEEP

    12288:4JKCR4yPv68Nq9hllPciV1oSLewYBjvrEH7wj:0lkXvcEqrEH7S

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect software protector.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks