General
-
Target
39e0e99686f3ff4871a53ab3700bd7e5b0fa9a1de1eb9fd90b9be77eb1bc5483.exe
-
Size
296KB
-
Sample
241120-e6r77a1kgw
-
MD5
8f4c7d749a2349d1a7d722be0ccef703
-
SHA1
cc4a971226e48748d4e07adf11a0c303bd44b1b4
-
SHA256
39e0e99686f3ff4871a53ab3700bd7e5b0fa9a1de1eb9fd90b9be77eb1bc5483
-
SHA512
71def671627382022def2060ac87e057077075a7eb745a0d67b18430b3d06dd670d830d68bb2448a2e567bb5f679a11faa8f518e84490c51ad58b05d6a1ebc93
-
SSDEEP
6144:r5y5VKltxeqbaacNnrQ6O6agZCPUgidwvRC4Kmnw:r5y5sltxeqbaar69ZNPUnfnw
Static task
static1
Behavioral task
behavioral1
Sample
39e0e99686f3ff4871a53ab3700bd7e5b0fa9a1de1eb9fd90b9be77eb1bc5483.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
39e0e99686f3ff4871a53ab3700bd7e5b0fa9a1de1eb9fd90b9be77eb1bc5483.dll
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Floxif family
-
Ramnit family
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-