General

  • Target

    a142a6652117f4a2e01caaaf8a273384494292bb98efd2524b36b119201477e9

  • Size

    3.8MB

  • Sample

    241220-fjc1eszpaw

  • MD5

    8eca649f7af62e1aec1c09064da100df

  • SHA1

    f20108f98b2a2bfecb8c365da01d08d71c00a3dc

  • SHA256

    a142a6652117f4a2e01caaaf8a273384494292bb98efd2524b36b119201477e9

  • SHA512

    1a77e97f1f18e9f9f6a212eb34951feb355aa6f47b071b6a6a10d82e2bb9e1545acadc5fccb2f118bd66b0eeb90c5be8f72e5cb1a834225203a2f85dc5a93f3a

  • SSDEEP

    49152:VwYCFEJz3sKcA1990FW6drnq9QF/Fs454vn6puWV355FXw/+euWV355FXw/+AuW0:VwYzenA1990FW6drnq9QpFXmv8k

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Possible privilege escalation attempt

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks
