General
-
Target
0594aa7282ccb62225f7227ff5fc0c62b6f9d8020fc47d56b45324daf93af0c5
-
Size
2.2MB
-
Sample
250103-xy4kcsypdz
-
MD5
63b5c9939a908a3accf3116b28ceb82c
-
SHA1
594a6c145649e76c7436b3c13cb213b1319cc48e
-
SHA256
0594aa7282ccb62225f7227ff5fc0c62b6f9d8020fc47d56b45324daf93af0c5
-
SHA512
6e934c5cbae5bf268ea96917a05d90fedfa99c7f3003d6b1fffe73dfad0ffb5fd218fe87c7d345d857852f0753a9ede5b6d54d9ef4fad86e7290922b01fb1278
-
SSDEEP
49152:n+Abw0dQH5x+E1Q9AA06OT9S7+rICzXNagRt532Z8Jtd:+AJdi3+ZN06+Nzdn5w8N
Malware Config
Targets
-
-
Target
0594aa7282ccb62225f7227ff5fc0c62b6f9d8020fc47d56b45324daf93af0c5
-
Size
2.2MB
-
MD5
63b5c9939a908a3accf3116b28ceb82c
-
SHA1
594a6c145649e76c7436b3c13cb213b1319cc48e
-
SHA256
0594aa7282ccb62225f7227ff5fc0c62b6f9d8020fc47d56b45324daf93af0c5
-
SHA512
6e934c5cbae5bf268ea96917a05d90fedfa99c7f3003d6b1fffe73dfad0ffb5fd218fe87c7d345d857852f0753a9ede5b6d54d9ef4fad86e7290922b01fb1278
-
SSDEEP
49152:n+Abw0dQH5x+E1Q9AA06OT9S7+rICzXNagRt532Z8Jtd:+AJdi3+ZN06+Nzdn5w8N
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Downloads MZ/PE file
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1