General
-
Target
3feaad3886cd5c18a766a6da85d779cf0b26dd5623a125cb8e05bfac28181dacN.exe
-
Size
533KB
-
Sample
250124-ytaxxswkhy
-
MD5
a70672b440882880af76dff63883c4a0
-
SHA1
cdc0ed9c28d3517912cd0681f882d32bfc35f26a
-
SHA256
3feaad3886cd5c18a766a6da85d779cf0b26dd5623a125cb8e05bfac28181dac
-
SHA512
7350e69a72013cf3b51dda7b3d9ca89ce923f5fe4eb961fa7e0c7600e1884dfcb41bb80166bfcc8703f3affed83b27bbc18322494b115573d0b48a77c43f9553
-
SSDEEP
6144:kafsiuvAQ+tTm6cyERSiytjLhcyE4jKS6v6KmGBV+UdvrEFp7hK+6li:RCvAQ+q6ctRt6XWyfjOyKbBjvrEH7hv
Static task
static1
Behavioral task
behavioral1
Sample
3feaad3886cd5c18a766a6da85d779cf0b26dd5623a125cb8e05bfac28181dacN.exe
Resource
win7-20240708-en
Malware Config
Targets
-
Floxif family
-
Detects Floxif payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)