General

  • Target

    84a118492519a21d355fcd1a4e8dd26b329c6fd68f7b45c9142c66319b6798e6

  • Size

    811KB

  • Sample

    241219-gwqbys1rbz

  • MD5

    298acdcf8e2816bad9b9330b53cc7e8f

  • SHA1

    6683b7cbb787fd11882d6f4dc6ecd9c261892c72

  • SHA256

    84a118492519a21d355fcd1a4e8dd26b329c6fd68f7b45c9142c66319b6798e6

  • SHA512

    d33bdbdf3932c588b377e46c9bdaae3b18d0fca05476e1852644efcbf16f80650df2e9bfa74251af3222a40f42ba74716afeba8fa3963fc0156112f0d8e10077

  • SSDEEP

    12288:CmKvEGerEsTmsb6+D4AhSJgmy/NTJkr7uDBvhGpyZmaFgBjvrEH74:CmpGCdTmsL7SJgV/Zqrih4yZmmCrEH74

Malware Config

Targets

    • Target

      84a118492519a21d355fcd1a4e8dd26b329c6fd68f7b45c9142c66319b6798e6

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files packed with the ACProtect software protector.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15
