floxif | 866bdba016657801637c10e53724538d4b9d2cb86429d1e82a8451312ea51250 | Triage

Submit
Reports

Overview

overview

Static

static

7

09ffbeecf6...0N.exe

windows7-x64

09ffbeecf6...0N.exe

windows10-2004-x64

Sharing

General

Target

09ffbeecf61eaa93ab37833f6b1c0430N.exe
Size

209KB
Sample

240708-1pcxtsshng
MD5

09ffbeecf61eaa93ab37833f6b1c0430
SHA1

0522e0556207422e8aea0ef9b2a2e1f1bda64bfb
SHA256

866bdba016657801637c10e53724538d4b9d2cb86429d1e82a8451312ea51250
SHA512

79e4f07fe2471564893b209ba9661d3c661269cf7b9a65f4a015dbe51bdea478c20394943c3a91bdbffdfedd94b27acdc6c5daaab145da3cf5d2e1dc91b90a25
SSDEEP

3072:CZx8gJscD1UnU+JZoutueXlCJQ33f8PfJA+R4NvVwFmrtBj7:w2As81UnUEoSZnU3JAEwVwUrTn

Score

10^/10

floxif backdoor evasion persistence privilege_escalation trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

09ffbeecf61eaa93ab37833f6b1c0430N.exe

Resource

win7-20240705-en

floxif backdoor evasion persistence privilege_escalation trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

09ffbeecf61eaa93ab37833f6b1c0430N.exe

Resource

win10v2004-20240704-en

floxif backdoor evasion persistence trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  09ffbeecf61eaa93ab37833f6b1c0430N.exe
- Size
  
  209KB
- MD5
  
  09ffbeecf61eaa93ab37833f6b1c0430
- SHA1
  
  0522e0556207422e8aea0ef9b2a2e1f1bda64bfb
- SHA256
  
  866bdba016657801637c10e53724538d4b9d2cb86429d1e82a8451312ea51250
- SHA512
  
  79e4f07fe2471564893b209ba9661d3c661269cf7b9a65f4a015dbe51bdea478c20394943c3a91bdbffdfedd94b27acdc6c5daaab145da3cf5d2e1dc91b90a25
- SSDEEP
  
  3072:CZx8gJscD1UnU+JZoutueXlCJQ33f8PfJA+R4NvVwFmrtBj7:w2As81UnUEoSZnU3JAEwVwUrTn
Score

10^/10

floxif backdoor evasion persistence privilege_escalation trojan upx
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Detects Floxif payload
  backdoor
- Drops file in Drivers directory
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

AppInit DLLs

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoorevasionpersistenceprivilege_escalationtrojanupx

behavioral2

floxifbackdoorevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy