General

  • Target

    2024-11-09_6406d66e11b0b8d947cc06fd17bb3607_avoslocker_cobalt-strike_floxif_luca-stealer

  • Size

    665KB

  • Sample

    241109-pnpdpaxlbn

  • MD5

    6406d66e11b0b8d947cc06fd17bb3607

  • SHA1

    6b4035dfc6cfc8f251af75416f72c2c5026eba01

  • SHA256

    898743aa9b5f92ff3e85471bed205c524677cacb4bb5ef966f7ed47af0d547ec

  • SHA512

    75a78b1211b51f50017000469de6bbc03d8970db0bd6573048cd8e543a97a3854ee9b5659bd702ebe5ac9a7656972aece6f3ed01e034eeefc80ef3a4c1577ae6

  • SSDEEP

    12288:2eubXcyafJcLln5QwnVWqqPIBONhxsU/EbBjvrEH7xP:purZ90r/xsU/EhrEH7xP

Malware Config

Targets

    • Target

      2024-11-09_6406d66e11b0b8d947cc06fd17bb3607_avoslocker_cobalt-strike_floxif_luca-stealer

    • Size

      665KB

    • MD5

      6406d66e11b0b8d947cc06fd17bb3607

    • SHA1

      6b4035dfc6cfc8f251af75416f72c2c5026eba01

    • SHA256

      898743aa9b5f92ff3e85471bed205c524677cacb4bb5ef966f7ed47af0d547ec

    • SHA512

      75a78b1211b51f50017000469de6bbc03d8970db0bd6573048cd8e543a97a3854ee9b5659bd702ebe5ac9a7656972aece6f3ed01e034eeefc80ef3a4c1577ae6

    • SSDEEP

      12288:2eubXcyafJcLln5QwnVWqqPIBONhxsU/EbBjvrEH7xP:purZ90r/xsU/EhrEH7xP

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks