General

  • Target

    b4c9d752f849c6682df14239d5e7dd6cd4e90f0ac7806424e8e05cd9deb6c8f4N.exe

  • Size

    4.9MB

  • Sample

    241216-q3rb9s1rfv

  • MD5

    a98c74d482855e3936850dc3d0f9ba80

  • SHA1

    b8cbd89be935d4deb0367d33bf13bc7ffb9aaa56

  • SHA256

    b4c9d752f849c6682df14239d5e7dd6cd4e90f0ac7806424e8e05cd9deb6c8f4

  • SHA512

    dfe23a886320ddb678e7109527f5ef51fd3827ce07a33141ba84b570565d19a3b8baa83f68428f7694e2de00425d5e9e58500fcf80bd951049ff02ec4d7f2005

  • SSDEEP

    98304:xlo0cEllMrJGs+Fz3WQIKQwe3Qq7DRicTllzCvAlqSZD:x2MlgynIKWpZicRU8

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Blocklisted process makes network request

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks