General

  • Target

    721a997269bf8691bb46b40baa9d920f09ddb74e61f8da2f5d15270253145403N.exe

  • Size

    386KB

  • Sample

    241222-gs8zwsxkdp

  • MD5

    d673e2ef1609f1e6c5e7e2d186e336c0

  • SHA1

    7844f94ea2f1d99319b32f67d0d4619e0e64225f

  • SHA256

    721a997269bf8691bb46b40baa9d920f09ddb74e61f8da2f5d15270253145403

  • SHA512

    a3d9f5046a8438d1168f8fff22adb0b86ebae2ec53d1ce0a3c774b8a06e787396332afd25a1394340b199c11599670c56ef11ff68df3ab8d9ed42d17ebda98d5

  • SSDEEP

    12288:gTKWWpP8afBmqx/uDmf8mDiy7/5/QWPCY+NBjvrEH7Jt:gTx+PLf4mGvOl7/V4Y+DrEH7Jt

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files using ACProtect software.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks