General

  • Target

    19bc4ee25156c5561a9a7028fbbd22d577234f27cf9509225583e9c8d796e803

  • Size

    1.6MB

  • Sample

    241223-hhrhjaxjet

  • MD5

    de338db8aab4b895d995a850bac956d3

  • SHA1

    def4309fcbdb5169c2643f00575b732eab3f4959

  • SHA256

    19bc4ee25156c5561a9a7028fbbd22d577234f27cf9509225583e9c8d796e803

  • SHA512

    1e889a3d7fb3c2447f22e6a41596938051eba5797d67aec2a278a47cc3bc8e9a6c03aafec0ebc9e3ae80171da3108fb91b62c982431a47dafe0046b255c063a7

  • SSDEEP

    24576:EedIJcNVXu2hBHfU+HraM8kOJAoy2eXWDhhOfrRP8HE+yEJfE9iQsnL44Euxo2U+:dJHflOrGqkwJfEHKLZEux3U+

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks