General

  • Target

    517a7add85590ed1c0e855a7502138d24eb9c156e856a2e4ceee0bdffe367546

  • Size

    782KB

  • Sample

    241121-3pw2tazmfv

  • MD5

    aa6cc9e18514d8a5a66a9e50f9a69ef0

  • SHA1

    44aa60df2ee5777dba944e9b02a134b46ecab4c6

  • SHA256

    517a7add85590ed1c0e855a7502138d24eb9c156e856a2e4ceee0bdffe367546

  • SHA512

    bc5ecd1151889022e769eba2346b20deee5dcfc7b41edacad34c6ab592ccca89440e86f6d25f50eed94b6121901c8e98a8112cc74a54e4673ddb3fcf3b56e45f

  • SSDEEP

    24576:jQYh1yLmSKrPD37zzH2A6QD/BpqggE2CfNar/yxyR1rEH78:N02rPD37zzH2A6S2IfNarya

Malware Config

Targets

    • Target

      517a7add85590ed1c0e855a7502138d24eb9c156e856a2e4ceee0bdffe367546

    • Size

      782KB

    • MD5

      aa6cc9e18514d8a5a66a9e50f9a69ef0

    • SHA1

      44aa60df2ee5777dba944e9b02a134b46ecab4c6

    • SHA256

      517a7add85590ed1c0e855a7502138d24eb9c156e856a2e4ceee0bdffe367546

    • SHA512

      bc5ecd1151889022e769eba2346b20deee5dcfc7b41edacad34c6ab592ccca89440e86f6d25f50eed94b6121901c8e98a8112cc74a54e4673ddb3fcf3b56e45f

    • SSDEEP

      24576:jQYh1yLmSKrPD37zzH2A6QD/BpqggE2CfNar/yxyR1rEH78:N02rPD37zzH2A6S2IfNarya

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks