General

  • Target

    fcd529f273f486f9614f92e3457142b6b71b482feb04f69c420796d15e0ab079N

  • Size

    1.9MB

  • Sample

    241110-t3jtzatnen

  • MD5

    570e6eba8ef6c318418b3ec7dedeee30

  • SHA1

    d5422299b9bc832ea0c6d725bfef8117c9e6da27

  • SHA256

    fcd529f273f486f9614f92e3457142b6b71b482feb04f69c420796d15e0ab079

  • SHA512

    349019fa33e9716a88b17e4467f6fabf502e537ea402b2b2b68491493cfd651c0bcf349418a1deb80cab356d082b2277e36f7c8144aa3ccfe4174d1e3089f159

  • SSDEEP

    49152:GiRuG0dnWNuN2bj1WiaTmHP66XiRIFd8rSxAF1aeNuvTCkSIUo8AR:GVG0QNuN2bh8Tl6XiRIFd8rHpuvWkSIX

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks