General

  • Target

    0451b6e6c4fa6f188c9ab0c199794025ecec7c6d7918e399c148acbd0196af15

  • Size

    5.8MB

  • Sample

    241113-xy925sxglc

  • MD5

    67efbeb0ea7e92140f95bd1a0c424660

  • SHA1

    47709014c351fa3972ef0c4876a7aefa42734a27

  • SHA256

    0451b6e6c4fa6f188c9ab0c199794025ecec7c6d7918e399c148acbd0196af15

  • SHA512

    3f87dc3298f01efae1dc2f7163e5ba2a24eec2797e61ffd1ecd0c9b2ac3ee618bcbece854b6900e462599f19138a97b6078d0a944fb632bcf6d32c7c42f8794b

  • SSDEEP

    98304:/nN5VxXsJ9SpNcBP4u18frP3wbzWFimaI7dlo4:/HXsJ9SvTgbzWFimaI7dlv

Malware Config

Targets

    • Target

      0451b6e6c4fa6f188c9ab0c199794025ecec7c6d7918e399c148acbd0196af15

    • Size

      5.8MB

    • MD5

      67efbeb0ea7e92140f95bd1a0c424660

    • SHA1

      47709014c351fa3972ef0c4876a7aefa42734a27

    • SHA256

      0451b6e6c4fa6f188c9ab0c199794025ecec7c6d7918e399c148acbd0196af15

    • SHA512

      3f87dc3298f01efae1dc2f7163e5ba2a24eec2797e61ffd1ecd0c9b2ac3ee618bcbece854b6900e462599f19138a97b6078d0a944fb632bcf6d32c7c42f8794b

    • SSDEEP

      98304:/nN5VxXsJ9SpNcBP4u18frP3wbzWFimaI7dlo4:/HXsJ9SvTgbzWFimaI7dlv

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • A potential corporate email address has been identified in the URL: [email protected]

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks