General
-
Target
28e03cb3d15032e6d292246d3d8fbf20N.exe
-
Size
209KB
-
Sample
240709-eg2qbsxdjc
-
MD5
28e03cb3d15032e6d292246d3d8fbf20
-
SHA1
7b31fd40bfd8f7d889dad2c9c894d2a785919b8c
-
SHA256
f22e514699908461857b4d80977b56af783c3eeae97dfe7ed6ecf38e255f9fa2
-
SHA512
189bce611c9f23859f9de444096fec7df87d34fdfebc86ae7253f6e1350de24326a8cd4c6393e34f0ba89b6b16f5b45df428ae7194850b05bcbc9e08984517d4
-
SSDEEP
3072:CZx8gJsculEa+J2outueXlCJQ33f8PfJA+R4NvVwFmrtBj3:w2AsnlEanoSZnU3JAEwVwUrT7
Malware Config
Targets
-
-
Target
28e03cb3d15032e6d292246d3d8fbf20N.exe
-
Size
209KB
-
MD5
28e03cb3d15032e6d292246d3d8fbf20
-
SHA1
7b31fd40bfd8f7d889dad2c9c894d2a785919b8c
-
SHA256
f22e514699908461857b4d80977b56af783c3eeae97dfe7ed6ecf38e255f9fa2
-
SHA512
189bce611c9f23859f9de444096fec7df87d34fdfebc86ae7253f6e1350de24326a8cd4c6393e34f0ba89b6b16f5b45df428ae7194850b05bcbc9e08984517d4
-
SSDEEP
3072:CZx8gJsculEa+J2outueXlCJQ33f8PfJA+R4NvVwFmrtBj3:w2AsnlEanoSZnU3JAEwVwUrT7
Score10/10-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
UAC bypass
-
Windows security bypass
-
Detects Floxif payload
-
Drops file in Drivers directory
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1