General

  • Target

    b8e986333a3cd375c459a5feb08da54d6699e06e5e5ad1131d405770e96a6e5dN

  • Size

    707KB

  • Sample

    241110-mht1wayjak

  • MD5

    dc3e1ca0bf9f8b50fa27d29f3979ca80

  • SHA1

    cc4b28998b6d86656c3021ddd0b7a59f4bb5069e

  • SHA256

    b8e986333a3cd375c459a5feb08da54d6699e06e5e5ad1131d405770e96a6e5d

  • SHA512

    c7481224136ce4bf29660f5c922924c670ae6c26dbe3220a75474c48227ab6895bcf08dafd54b7b4c3b164133332a6d78f9b898dae15eb710d694292655b4067

  • SSDEEP

    12288:Q+CnYzBFaY3yKDwVuJc2xiuwZwQuOkvjxYQGT0qN35eQ5TuBjvrEH73:QJYlmuSJmQQ2Q9fQarEH73

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks