Overview

overview

10

Static

static

1

8fb85f6d64...7b.exe

windows7-x64

10

8fb85f6d64...7b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8fb85f6d64f04502fbaee4c1ddd3cd3fdc069548cd10b8021da43bfa355d027b

  • Size

    1.4MB

  • Sample

    250111-dvgrms1mdw

  • MD5

    7aebcfcd9da4c45f6a5ccf7585c7074e

  • SHA1

    d50b63acb71520760618892324f8d4827ae52813

  • SHA256

    8fb85f6d64f04502fbaee4c1ddd3cd3fdc069548cd10b8021da43bfa355d027b

  • SHA512

    f25b78731c37755e2352a52bd0f10f7ffb2efae22d0eef9a0178c203e33944e93d0b1d61dfcc7ab700adeea95ac94aa001efa9c91e96037f8b513a41af6633bb

  • SSDEEP

    24576:hGKjKjGFygcc23L1/NVOmOSGb6E3ecS4fzrjxJh9UZXlpbPvC7xtYUrEmFlo+L6o:YKjKWQc2b1FVgbjrjxPe1pbPSQm1FloY

Score
10/10
floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

Malware Config

Targets

    • Target

      8fb85f6d64f04502fbaee4c1ddd3cd3fdc069548cd10b8021da43bfa355d027b

    • Size

      1.4MB

    • MD5

      7aebcfcd9da4c45f6a5ccf7585c7074e

    • SHA1

      d50b63acb71520760618892324f8d4827ae52813

    • SHA256

      8fb85f6d64f04502fbaee4c1ddd3cd3fdc069548cd10b8021da43bfa355d027b

    • SHA512

      f25b78731c37755e2352a52bd0f10f7ffb2efae22d0eef9a0178c203e33944e93d0b1d61dfcc7ab700adeea95ac94aa001efa9c91e96037f8b513a41af6633bb

    • SSDEEP

      24576:hGKjKjGFygcc23L1/NVOmOSGb6E3ecS4fzrjxJh9UZXlpbPvC7xtYUrEmFlo+L6o:YKjKWQc2b1FVgbjrjxPe1pbPSQm1FloY

    Score
    10/10
    floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

    • Floxif family

      floxif

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

      backdoortrojanfloxif

    • Detects Floxif payload

      backdoor

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

      persistenceprivilege_escalation

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks