General
-
Target
3c946b87e1e52334bf0879aa69efa057e132dc47303acdd690a82be05d4e07ce
-
Size
4.8MB
-
Sample
241224-hfy5lasmhv
-
MD5
c26547a826c02f302ca3cca35e20d3d7
-
SHA1
c2cf8d08dee20656988ff4907362bcc2a1bef1a7
-
SHA256
3c946b87e1e52334bf0879aa69efa057e132dc47303acdd690a82be05d4e07ce
-
SHA512
3b6a5ffea07f689b588e16d5975dbf5ec5a286ba1bef3efa9e89ec7522e3b0ad5d06bf61637f83044dd85f528fff289fd7ae42efa7b9497d6d00694b81711229
-
SSDEEP
98304:2KBzPB6ZgoLpcrxVH/6zcaJPiJwbkZT/W0EBHp1rJGh2:2KBzp6DpcrxyciUW0Ep1rJS2
Malware Config
Targets
-
-
Target
3c946b87e1e52334bf0879aa69efa057e132dc47303acdd690a82be05d4e07ce
-
Size
4.8MB
-
MD5
c26547a826c02f302ca3cca35e20d3d7
-
SHA1
c2cf8d08dee20656988ff4907362bcc2a1bef1a7
-
SHA256
3c946b87e1e52334bf0879aa69efa057e132dc47303acdd690a82be05d4e07ce
-
SHA512
3b6a5ffea07f689b588e16d5975dbf5ec5a286ba1bef3efa9e89ec7522e3b0ad5d06bf61637f83044dd85f528fff289fd7ae42efa7b9497d6d00694b81711229
-
SSDEEP
98304:2KBzPB6ZgoLpcrxVH/6zcaJPiJwbkZT/W0EBHp1rJGh2:2KBzp6DpcrxyciUW0Ep1rJS2
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
A potential corporate email address has been identified in the URL: [email protected]
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1