General
-
Target
3ee6be4feeccf58b31e8c37983cddf8b39cbebf1c1604ae74d5df2cf8c6d27d2.exe
-
Size
532KB
-
Sample
250101-wdx2eaykhj
-
MD5
1fc9624a8430d580eb78fa8008cd615f
-
SHA1
4bca1e20fc28dbe67ae40b1847e8986570551ba1
-
SHA256
3ee6be4feeccf58b31e8c37983cddf8b39cbebf1c1604ae74d5df2cf8c6d27d2
-
SHA512
8501e398e46b014542c84fc6af1467258400133ab6fe75c95ba343875b51dfc003a294046e9f53b9943e31e53b40a71f83a7ba4f04e9991eedefae3432c89d9e
-
SSDEEP
6144:xlXqlvw5wsJnpICn19KkBNrxRQwH/VmVm73bj6yO+B0xl3Jwtt/MCxryZ6qAsys9:x19JpdDR+43j6yIlZwL/JryBAC3ZJV
Static task
static1
Behavioral task
behavioral1
Sample
3ee6be4feeccf58b31e8c37983cddf8b39cbebf1c1604ae74d5df2cf8c6d27d2.dll
Resource
win7-20240903-en
Malware Config
Targets
Target
3ee6be4feeccf58b31e8c37983cddf8b39cbebf1c1604ae74d5df2cf8c6d27d2.exe
-
Floxif family
-
Ramnit family
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-