General
-
Target
3738c3676c098fa6ca3ebd196430ca6b956f3ccd6508f95e646d9ea8cecc616bN.exe
-
Size
336KB
-
Sample
241128-jvevyaxjhp
-
MD5
d283d99e640b7d740f5b7d961f2ec4d0
-
SHA1
17de585d10c8e4e22bbe3afcadd169478f3a2125
-
SHA256
3738c3676c098fa6ca3ebd196430ca6b956f3ccd6508f95e646d9ea8cecc616b
-
SHA512
0f9f5397bbaac4b5acfb28079698cbd40b97f00c7da43d31612a803d82231d126f08e3c7ea5f4625bdadc339b9ee393b44b97180517ca478843ac061872e9f97
-
SSDEEP
6144:Q5jwDPVWlfDqzWLELhEnY8KT2z+VmQtfyErfvwUnisBV+UdvrEFp7hKg:Q5EDPVm+SL1ztz+VEGxBjvrEH7n
Malware Config
Targets
-
-
Target
3738c3676c098fa6ca3ebd196430ca6b956f3ccd6508f95e646d9ea8cecc616bN.exe
-
Size
336KB
-
MD5
d283d99e640b7d740f5b7d961f2ec4d0
-
SHA1
17de585d10c8e4e22bbe3afcadd169478f3a2125
-
SHA256
3738c3676c098fa6ca3ebd196430ca6b956f3ccd6508f95e646d9ea8cecc616b
-
SHA512
0f9f5397bbaac4b5acfb28079698cbd40b97f00c7da43d31612a803d82231d126f08e3c7ea5f4625bdadc339b9ee393b44b97180517ca478843ac061872e9f97
-
SSDEEP
6144:Q5jwDPVWlfDqzWLELhEnY8KT2z+VmQtfyErfvwUnisBV+UdvrEFp7hKg:Q5EDPVm+SL1ztz+VEGxBjvrEH7n
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Modifies RDP port number used by Windows
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Remote Services: SMB/Windows Admin Shares
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-