General

  • Target

    12ebc2c138916bd0230a73b8c7be2885d9c0497dfd734d33aa5dec1083fff422N

  • Size

    140KB

  • Sample

    241110-qvxt3sxfmp

  • MD5

    4eb009cdfaca1c491d813929fde0e320

  • SHA1

    876ccb56921953365adc778fd3508a3fdf7a64c7

  • SHA256

    12ebc2c138916bd0230a73b8c7be2885d9c0497dfd734d33aa5dec1083fff422

  • SHA512

    831d33de4c940517d1f821ece3251c6c5c3a5b9f21623267e91832c4f5adf1715966f0ea5c80906680fc4f8ceb153c5d536fc2533d2e0d81fbef68d85faeb4cd

  • SSDEEP

    3072:TkNUfwkAbfZ2lQBV+UdE+rECWp7hKP1fIf:uAytBV+UdvrEFp7hKtIf

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Detects Floxif payload

    • Disables RegEdit via registry modification

    • Event Triggered Execution: Image File Execution Options Injection

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks