General

  • Target

    93645faac95453de4596a1a6c1e79b3f703d73bfceb84cad8ec3dd5b857e86f7

  • Size

    2.4MB

  • Sample

    241211-b2yydszjez

  • MD5

    a15ebcf1c57e75403d6e0ee46a8f3a50

  • SHA1

    560b4054d7a4d26e680d746b85bb09e22abe0032

  • SHA256

    93645faac95453de4596a1a6c1e79b3f703d73bfceb84cad8ec3dd5b857e86f7

  • SHA512

    5b43fbf0929c396fec67891551ade1b2ab0427531cc0de87fb3f929ea54672e9b64a0a0e7a43ff6000f3245ff568f4c9be2086a50862671d422128de91751655

  • SSDEEP

    49152:2Wud7AkqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFW31q4:Id7AfrlyutLxC3sEwwM3U4

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15
