floxif | f9dfd791515ca089de8b77257d47e0ef0349fee7f1917769841cd3a086157597 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

f9dfd79151...97.exe

windows7-x64

f9dfd79151...97.exe

windows10-2004-x64

Sharing

General

Target

f9dfd791515ca089de8b77257d47e0ef0349fee7f1917769841cd3a086157597
Size

841KB
Sample

240703-fqzsrsyekh
MD5

6b34e2289e78e1e251655b8da5b7446c
SHA1

c74c065b9169e1ae7ee01d4bcdd265e25a22595d
SHA256

f9dfd791515ca089de8b77257d47e0ef0349fee7f1917769841cd3a086157597
SHA512

6d469c34b74696b19ae32ce07aa98917ed11d3db15f339a0a456bf93e2005f2c0af42f5e34e94d06893cc7906ff5de5ba6bc1c243544ed586d64bd8444a041f6
SSDEEP

12288:faWzgMG7v3qnCiLErQohhQb4cCJ8lnyuQ4BgWlRPT0lBjvrEH7Hn:CaH2v6CTrj+nyuQ4hRPUrEH7H

Score

10^/10

floxif backdoor persistence privilege_escalation trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

f9dfd791515ca089de8b77257d47e0ef0349fee7f1917769841cd3a086157597.exe

Resource

win7-20240220-en

floxif backdoor persistence privilege_escalation trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

f9dfd791515ca089de8b77257d47e0ef0349fee7f1917769841cd3a086157597.exe

Resource

win10v2004-20240508-en

floxif backdoor trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  f9dfd791515ca089de8b77257d47e0ef0349fee7f1917769841cd3a086157597
- Size
  
  841KB
- MD5
  
  6b34e2289e78e1e251655b8da5b7446c
- SHA1
  
  c74c065b9169e1ae7ee01d4bcdd265e25a22595d
- SHA256
  
  f9dfd791515ca089de8b77257d47e0ef0349fee7f1917769841cd3a086157597
- SHA512
  
  6d469c34b74696b19ae32ce07aa98917ed11d3db15f339a0a456bf93e2005f2c0af42f5e34e94d06893cc7906ff5de5ba6bc1c243544ed586d64bd8444a041f6
- SSDEEP
  
  12288:faWzgMG7v3qnCiLErQohhQb4cCJ8lnyuQ4BgWlRPT0lBjvrEH7Hn:CaH2v6CTrj+nyuQ4hRPUrEH7H
Score

10^/10

floxif backdoor persistence privilege_escalation trojan upx
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoorpersistenceprivilege_escalationtrojanupx

behavioral2

floxifbackdoortrojanupx

© 2018-2025

Terms | Privacy