General

  • Target

    807376f59600671c258c4cf5cfaf89b3933bdef73cd425dae5f0e6fc315b3af1

  • Size

    3.7MB

  • Sample

    250128-alts3a1lbr

  • MD5

    11f6f0550436ad955c7c2b4f41a94896

  • SHA1

    5443a7d9add5d0530621f2dbae5b27bdcf23a565

  • SHA256

    807376f59600671c258c4cf5cfaf89b3933bdef73cd425dae5f0e6fc315b3af1

  • SHA512

    0ac800c1e460a01f6326c18d508e2db30338e5c0bdd0b2a11eaba81e592e4c13e8f9035a1b1b2c82c6bbe1231a4a67bcec7377d1e1c358b29ddb7e802a25d7f7

  • SSDEEP

    98304:35MQvY/NFRjQUEaUJhtH/Ll3AzrIdHM3AUDOE:J0dULh/Ll3grIdHM3AUDOE

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks
