Overview

overview

10

Static

static

1

0e25733afe...87.exe

windows7-x64

10

0e25733afe...87.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e25733afe02522e44cfacf326cbff4d028e49d693e470bd96ed59f2682a9a87

  • Size

    6.4MB

  • Sample

    241224-hf1nesspdl

  • MD5

    62f8b6ce0fb21498e19e70643b28d5fd

  • SHA1

    318656a684132e728a1115123a4412539875b445

  • SHA256

    0e25733afe02522e44cfacf326cbff4d028e49d693e470bd96ed59f2682a9a87

  • SHA512

    633a0db0b41f7d829bde23410b57b4cfdc1a9e030730a7ee3034d943a23391ba31c58a0111adf25ff4deb9607703ecabf4bf9fd90b1e8fdea475bbc30b975a2c

  • SSDEEP

    98304:WfiJUk96GQyUb0D7PI2S02XIVn8tIT1rZ4t5oazq/BldHW6PDdlOVhQP35:WfNk+DE7PI+QITU9WrdHW6PZlcC

Score
10/10
floxifbackdoordiscoverypersistencespywarestealertrojanupx

Malware Config

Targets

    • Target

      0e25733afe02522e44cfacf326cbff4d028e49d693e470bd96ed59f2682a9a87

    • Size

      6.4MB

    • MD5

      62f8b6ce0fb21498e19e70643b28d5fd

    • SHA1

      318656a684132e728a1115123a4412539875b445

    • SHA256

      0e25733afe02522e44cfacf326cbff4d028e49d693e470bd96ed59f2682a9a87

    • SHA512

      633a0db0b41f7d829bde23410b57b4cfdc1a9e030730a7ee3034d943a23391ba31c58a0111adf25ff4deb9607703ecabf4bf9fd90b1e8fdea475bbc30b975a2c

    • SSDEEP

      98304:WfiJUk96GQyUb0D7PI2S02XIVn8tIT1rZ4t5oazq/BldHW6PDdlOVhQP35:WfNk+DE7PI+QITU9WrdHW6PZlcC

    Score
    10/10
    floxifbackdoordiscoverypersistencespywarestealertrojanupx

    • Floxif family

      floxif

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

      backdoortrojanfloxif

    • Detects Floxif payload

      backdoor

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks for any installed AV software in registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

Software Discovery

1
T1518

Security Software Discovery

1
T1518.001

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

2
T1005

Command and Control

Exfiltration

Impact

Tasks