General

  • Target

    54c268ac7b4bd9c74e8968ea97ff64076a4dcb9d280ea4621cfa512f98fad5a8

  • Size

    497KB

  • Sample

    241120-2ydq6azlgp

  • MD5

    37bc4f3b4c8d3c48bb93ed7169730299

  • SHA1

    c16272ff7be4650aa241be93faafec140aee6d2b

  • SHA256

    54c268ac7b4bd9c74e8968ea97ff64076a4dcb9d280ea4621cfa512f98fad5a8

  • SHA512

    eb9a2eff9b9e51c1080ebc1b261b2e221cab4bd15746e49770fdaf9200079055085cd60aa5ee228e1077591cb55e589a75b2ecba326a2cae69488df7fadeafcf

  • SSDEEP

    12288:xOv5jKhsfoPA+s5ueVKUCUxP4C902bdRtJJPiX9iJ1CYpBjvrEH7A:xq5Tfc4Hj4fmbOiHR3rEH7A

Malware Config

Targets

    • Target

      54c268ac7b4bd9c74e8968ea97ff64076a4dcb9d280ea4621cfa512f98fad5a8

    • Size

      497KB

    • MD5

      37bc4f3b4c8d3c48bb93ed7169730299

    • SHA1

      c16272ff7be4650aa241be93faafec140aee6d2b

    • SHA256

      54c268ac7b4bd9c74e8968ea97ff64076a4dcb9d280ea4621cfa512f98fad5a8

    • SHA512

      eb9a2eff9b9e51c1080ebc1b261b2e221cab4bd15746e49770fdaf9200079055085cd60aa5ee228e1077591cb55e589a75b2ecba326a2cae69488df7fadeafcf

    • SSDEEP

      12288:xOv5jKhsfoPA+s5ueVKUCUxP4C902bdRtJJPiX9iJ1CYpBjvrEH7A:xq5Tfc4Hj4fmbOiHR3rEH7A

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks