General

  • Target

    10244a89f57b8142e2e151480d8d1bef82f9c14610cf8049d0e9c9b0470f0c89

  • Size

    9.5MB

  • Sample

    241224-jk28gssqhy

  • MD5

    e3608e7a912f566f13c9dd67dfbe21bb

  • SHA1

    ce88fa72bd84dd9de23a6f35ea0bc9ffdac55d61

  • SHA256

    10244a89f57b8142e2e151480d8d1bef82f9c14610cf8049d0e9c9b0470f0c89

  • SHA512

    d06f060b4fe04d0535677f795fbc6c968184052e05b3d9c356ec10fc48a7536e1fa0ac17c5422e07434829e7b9acbb13fdafca0d614ab21009d55919c87d11a7

  • SSDEEP

    196608:UFtWWfKfTYcr/Fqq+K4qpm9u+fUS/tseCt5ikPGfkpC6ARPkQ6Q:UFxfro/0q9vm9u+8S4TiXKC6ARPOQ
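
To confirm that a locally held file is the sample this report describes, the following added Python example (not part of the report or of the sandbox's tooling) computes the four digests listed above in a single pass over the file and compares them with the report's values. The REPORTED entries are copied from the hash list above; the script name and chunk size are assumptions.

```python
"""Check a local file against the MD5/SHA1/SHA256/SHA512 values published in the report."""
import hashlib
import sys
from typing import BinaryIO, Iterable, Iterator

# Digest values copied from the report's hash list above.
REPORTED = {
    "md5": "e3608e7a912f566f13c9dd67dfbe21bb",
    "sha1": "ce88fa72bd84dd9de23a6f35ea0bc9ffdac55d61",
    "sha256": "10244a89f57b8142e2e151480d8d1bef82f9c14610cf8049d0e9c9b0470f0c89",
    "sha512": "d06f060b4fe04d0535677f795fbc6c968184052e05b3d9c356ec10fc48a7536e"
              "1fa0ac17c5422e07434829e7b9acbb13fdafca0d614ab21009d55919c87d11a7",
}
CHUNK_SIZE = 1 << 20  # 1 MiB reads keep memory flat for a 9.5 MB (or larger) sample


def digest_stream(chunks: Iterable[bytes]) -> dict[str, str]:
    """Feed every chunk to all four hashers so the file is read exactly once."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def iter_chunks(fh: BinaryIO, size: int = CHUNK_SIZE) -> Iterator[bytes]:
    """Yield fixed-size blocks from an open binary file until EOF."""
    while True:
        block = fh.read(size)
        if not block:
            return
        yield block


def compare(observed: dict[str, str], expected: dict[str, str] = REPORTED) -> dict[str, bool]:
    """Per-algorithm match flags; hex case is ignored and a missing digest counts as a mismatch."""
    return {name: observed.get(name, "").lower() == value.lower() for name, value in expected.items()}


def verify_file(path: str) -> dict[str, bool]:
    """Hash the file at path and compare it against the report's values."""
    with open(path, "rb") as fh:
        return compare(digest_stream(iter_chunks(fh)))


if __name__ == "__main__":
    # Usage: python verify_sample.py <file>; exits non-zero unless every digest matches.
    result = verify_file(sys.argv[1])
    for name, ok in result.items():
        print(f"{name:6s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

A single mismatching algorithm is enough to reject the file: a hash collision against all four digests at once is not a realistic concern, but a transcription error in one copied hash is, so the per-algorithm result tells you which value to re-check.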

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++ that patches existing executables on the host.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. DLLs named in the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (and its Wow6432Node counterpart) are loaded by user32.dll into every process that loads user32.dll, so one registry write reaches most interactive processes. When triaging a host, inspect that value together with LoadAppInit_DLLs; on Windows 8 and later with Secure Boot enabled the mechanism is disabled.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer, versions 1.3x to 1.4x.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build.
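
The UPX signature above is a static heuristic, and modified UPX builds routinely rename sections and scrub the packer's magic. As an added example (not the sandbox's detection logic and not derived from the sample), the following Python parses a PE section table without third-party libraries and reports the three indicators an analyst checks by hand: the stock UPX0/UPX1 section names, the "UPX!" l_info magic that sits after the section table, and, for builds that hide both, an executable section with zero raw size, which is the empty region the stub unpacks into. The build_pe helper and the three headers-only images it produces are constructed test fixtures, not real files.

```python
"""Static UPX indicators from a PE section table, with a constructed headers-only PE for testing."""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1", ".UPX2"}


def _sections(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table; None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (nsections,) = struct.unpack_from("<H", data, e_lfanew + 6)   # COFF NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)   # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(nsections):
        off = table + 40 * i
        if off + 40 > len(data):
            break  # truncated table: keep what we have rather than raise
        name, vsize, _vaddr, rawsize, _rawptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        out.append({"name": name.rstrip(b"\0").decode("latin-1"),
                    "vsize": vsize, "rawsize": rawsize, "chars": chars})
    return out


def upx_indicators(data: bytes) -> dict:
    """Return the individual indicators plus a combined 'packed' verdict."""
    secs = _sections(data)
    if secs is None:
        return {"valid_pe": False, "upx_sections": [], "upx_magic": False,
                "empty_exec_section": False, "packed": False}
    names = [s["name"] for s in secs if s["name"] in UPX_SECTION_NAMES]
    # Stock UPX leaves an "UPX!" magic right after the section headers; modified builds may remove it.
    magic = b"UPX!" in data
    # Name-independent heuristic: executable section with no raw data but a non-zero virtual size.
    empty_exec = any(s["rawsize"] == 0 and s["vsize"] > 0 and s["chars"] & IMAGE_SCN_MEM_EXECUTE for s in secs)
    return {"valid_pe": True, "upx_sections": names, "upx_magic": magic,
            "empty_exec_section": empty_exec, "packed": bool(names) or magic or empty_exec}


def build_pe(sections, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32 image (headers only) for offline testing; not a real binary."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                    rawsize, 0x400, 0, 0, 0, 0, chars)
        for i, (name, vsize, rawsize, chars) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + opt + table + trailer


# Constructed fixtures (name, VirtualSize, SizeOfRawData, Characteristics).
PACKED_LIKE = build_pe([("UPX0", 0x20000, 0, 0xE0000080), ("UPX1", 0x8000, 0x8000, 0xE0000040),
                        (".rsrc", 0x1000, 0x1000, 0xC0000040)], trailer=b"UPX!")
RENAMED = build_pe([(".text", 0x20000, 0, 0xE0000080), (".data", 0x8000, 0x8000, 0xE0000040)])
CLEAN = build_pe([(".text", 0x5000, 0x5000, 0x60000020), (".rdata", 0x2000, 0x2000, 0x40000040),
                  (".data", 0x1000, 0x400, 0xC0000040)])

if __name__ == "__main__":
    for label, image in (("stock UPX", PACKED_LIKE), ("renamed UPX", RENAMED), ("clean", CLEAN)):
        print(label, upx_indicators(image))
```

The zero-raw-size heuristic is what keeps catching the "renamed" case after the names and magic are gone, but it is only a hint: a verdict from headers alone should be confirmed by section entropy or by letting the sample unpack in the sandbox, which is what the dynamic signatures above reflect.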

MITRE ATT&CK Enterprise v15

Tasks