General

  • Target

    b2cb0501b4934b17e4e513bde4ca1a641802b8d47609734ecd4f496a13f9721cN.exe

  • Size

    621KB

  • Sample

    241217-kye6jswjdy

  • MD5

    29224e035bfbd393b25e48c8ef6049c0

  • SHA1

    33554727d821f2289b435640a96fd84de9e09d10

  • SHA256

    b2cb0501b4934b17e4e513bde4ca1a641802b8d47609734ecd4f496a13f9721c

  • SHA512

    7b51948e1db7e80c35340c7b96627155d27c066002322aec8117496dd6d49fb397a70e25306d877989d1c585e05274ac5285d00a5702f0c14385676d947b5d55

  • SSDEEP

    12288:8itOFysp2RUw+V049Likn+YrMFeOS8sdi13FN5vQ8devrXBjvrEH7g9:8iGs6HAFVVFddcr1rEH7g9

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15