Overview

overview

10

Static

static

3

abf3620108...17.exe

windows7-x64

10

abf3620108...17.exe

windows10-2004-x64

10

$APPDATA/u...rd.exe

windows7-x64

3

$APPDATA/u...rd.exe

windows10-2004-x64

3

$APPDATA/u...gf.exe

windows7-x64

3

$APPDATA/u...gf.exe

windows10-2004-x64

3

$APPDATA/u...ow.exe

windows7-x64

3

$APPDATA/u...ow.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    abf36201080f1e36f9f91aa8418aa5a4c23a777c82075baa171b9f2d7d963017

  • Size

    1.2MB

  • Sample

    241120-csbl6syarh

  • MD5

    7d537bae2a9112f8df77fc8670e71dfc

  • SHA1

    00ce2d0d4415efe861ab3ea74871b3120dc0865e

  • SHA256

    abf36201080f1e36f9f91aa8418aa5a4c23a777c82075baa171b9f2d7d963017

  • SHA512

    ee526741a02383fb59f1df5cd04137f7ae0ae97941c7090941bbc0ff6ba8adab7372679da74285434c414089472e070e0274cdc42b2cce14ed3e115e5c4bc3b7

  • SSDEEP

    24576:o3P0uG7r9Zo8W7ZM4dWKJXTMt8cqIiiZNIULY3lByEh8hKLMrEH7E4:tr7rMX7ZWKJjC8cwiZWqYVdLg4

Score
10/10
floxifbackdoordiscoverypersistencetrojanupx

Malware Config

Targets

    • Target

      abf36201080f1e36f9f91aa8418aa5a4c23a777c82075baa171b9f2d7d963017

    • Size

      1.2MB

    • MD5

      7d537bae2a9112f8df77fc8670e71dfc

    • SHA1

      00ce2d0d4415efe861ab3ea74871b3120dc0865e

    • SHA256

      abf36201080f1e36f9f91aa8418aa5a4c23a777c82075baa171b9f2d7d963017

    • SHA512

      ee526741a02383fb59f1df5cd04137f7ae0ae97941c7090941bbc0ff6ba8adab7372679da74285434c414089472e070e0274cdc42b2cce14ed3e115e5c4bc3b7

    • SSDEEP

      24576:o3P0uG7r9Zo8W7ZM4dWKJXTMt8cqIiiZNIULY3lByEh8hKLMrEH7E4:tr7rMX7ZWKJjC8cwiZWqYVdLg4

    Score
    10/10
    floxifbackdoordiscoverypersistencetrojanupx

    • Floxif family

      floxif

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

      backdoortrojanfloxif

    • Detects Floxif payload

      backdoor

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $APPDATA/uurhngf/htfrahrd.exe

    • Size

      1.0MB

    • MD5

      ae9a93b6d3836bd84f04a66b610ca7a6

    • SHA1

      c4c11392fd9e64aa530f09f2a32cdc79cce23bdf

    • SHA256

      1f57d73fb4f1bd20833b41140a51f5ba2fbed51c96c61087192d670f656aeef3

    • SHA512

      a91dd24e5b1af6f0db5c0dcc0a950798a4a94452874fa822ee25ca6a4d4e0b7776a36e5929cbc6d7e95666190ba5291feccfe614570de72732bb92ab7ac50f4a

    • SSDEEP

      12288:doID4HgLRaH+liJ0vV3Rdpzf62lZbv+BeXluc6Xqz0+3r269ttejc2aEm9dtTgi:qs0H5UV3Dpzx1UuDeY2EztTg

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $APPDATA/uurhngf/uurhngf.exe

    • Size

      992KB

    • MD5

      e2dfb1c849054d92814d943152945de5

    • SHA1

      1609d7775aacff4a7694c2d6fc2524e3f174d946

    • SHA256

      6ff7f0b69c1ab65d162b586bae7a64bb140a9e62bbb005c1aa9082fa20249e9a

    • SHA512

      801f41b47941287f934394be7a38615e889bd8d6a0071b4ae3cae030b9f57bda6b462e74076f25dd63d6b22bfbeb2e8da1146a01504f25c98b62608fc456d535

    • SSDEEP

      12288:NwPbj3oBLXPJ0A44/DSXJ5TC1Oc76UsyDyvrFmNMT3BgEP:NwXYBLfamu59C1ONmykeT3

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $APPDATA/uurhngf/uurhngfbrow.exe

    • Size

      912KB

    • MD5

      ec6f3a730cd24ae5facbf3cda547fd04

    • SHA1

      60020ad7757dc73623e3fa0bcd08cad1a54f9497

    • SHA256

      57ee3e8d33d04301bcdf9d1b4bf7c2f46e9c3133f39ef4cdf26aa1add6dea3e9

    • SHA512

      f7d9047cf09787625c42a3fe1fc7b0295a1d771f00037393e98d7079161d8d546845658408493fb9a841b7f120d7e2594956adb2ede3861080e9e79535c1e231

    • SSDEEP

      12288:OZBxXsHWAramBxtyRKAduWb/uGJGhORqemooFEP:TLraIYpFmOgZ3

    Score
    3/10
    discovery
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks