General
-
Target
001186bb430bd4fdff55158964c0ad6b07d145edce29b580ac096adfe5b4d8cf
-
Size
12.2MB
-
Sample
241224-jk5zdasrat
-
MD5
085deb14c2eb2c0cd09a85351eddda0f
-
SHA1
1de4f5708e70313dc7870b3a5ba0784af8364558
-
SHA256
001186bb430bd4fdff55158964c0ad6b07d145edce29b580ac096adfe5b4d8cf
-
SHA512
c31ec9dc61f9b1bfb735621f2ee73242f94b2b14f902cc0c94d7a6f18d3f9c4a6589cde93ca42851202212133d522ae0ee55fcdff0cbac8b49d738113b49cae6
-
SSDEEP
196608:iuyjAiK0/F7OHK1NjEKKQsS4Kl26EnHs01q1CHv0rsFvVhYyg5aduB2EsAQEfQXX:QjdKS74KgS66EnMCADovVhYxcE+X
Malware Config
Targets
-
-
Target
001186bb430bd4fdff55158964c0ad6b07d145edce29b580ac096adfe5b4d8cf
-
Size
12.2MB
-
MD5
085deb14c2eb2c0cd09a85351eddda0f
-
SHA1
1de4f5708e70313dc7870b3a5ba0784af8364558
-
SHA256
001186bb430bd4fdff55158964c0ad6b07d145edce29b580ac096adfe5b4d8cf
-
SHA512
c31ec9dc61f9b1bfb735621f2ee73242f94b2b14f902cc0c94d7a6f18d3f9c4a6589cde93ca42851202212133d522ae0ee55fcdff0cbac8b49d738113b49cae6
-
SSDEEP
196608:iuyjAiK0/F7OHK1NjEKKQsS4Kl26EnHs01q1CHv0rsFvVhYyg5aduB2EsAQEfQXX:QjdKS74KgS66EnMCADovVhYxcE+X
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-