General
-
Target
b857deb3e8e0bfd6013a1d38a25c05d1df82003d25b1d832fc182b64a0a6a038
-
Size
13.5MB
-
Sample
241222-gmseyswrbq
-
MD5
2ac299623e581962a3169f75c5d132d2
-
SHA1
d4d7b4ef53471ecd370c1db27ad67188d7dbc5fc
-
SHA256
b857deb3e8e0bfd6013a1d38a25c05d1df82003d25b1d832fc182b64a0a6a038
-
SHA512
14c85184894fb982a62cf82d80bab04d10a4790d68fdbe9f92e41a5e9efdd6d665fc400e5a4c072b81c4d1a908779eae33f9b910bbba9f8288c063b3f6e159ef
-
SSDEEP
393216:yk4dEvzp9BK8IQp4tUNW8BqXFz7fagpNSYtTDjEY:yk4yt9BbK8BsFz7fBNXvjR
Malware Config
Targets
-
-
Target
b857deb3e8e0bfd6013a1d38a25c05d1df82003d25b1d832fc182b64a0a6a038
-
Size
13.5MB
-
MD5
2ac299623e581962a3169f75c5d132d2
-
SHA1
d4d7b4ef53471ecd370c1db27ad67188d7dbc5fc
-
SHA256
b857deb3e8e0bfd6013a1d38a25c05d1df82003d25b1d832fc182b64a0a6a038
-
SHA512
14c85184894fb982a62cf82d80bab04d10a4790d68fdbe9f92e41a5e9efdd6d665fc400e5a4c072b81c4d1a908779eae33f9b910bbba9f8288c063b3f6e159ef
-
SSDEEP
393216:yk4dEvzp9BK8IQp4tUNW8BqXFz7fagpNSYtTDjEY:yk4yt9BbK8BsFz7fBNXvjR
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Downloads MZ/PE file
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1