floxif | d269700900bd2fadc7b2a2d733116e6f18b5b879d1a29bcf620093c40566cad3 | Triage

Submit
Reports

Overview

overview

Static

static

1

2024-07-10...er.exe

windows7-x64

2024-07-10...er.exe

windows10-2004-x64

Sharing

General

Target

2024-07-10_5361b3cedd86c52c7eead816e964f4af_floxif_magniber
Size

10.2MB
Sample

240710-g7rzxstfje
MD5

5361b3cedd86c52c7eead816e964f4af
SHA1

b96b97e033c4fa7b198d79b38ba735f04cd749ba
SHA256

d269700900bd2fadc7b2a2d733116e6f18b5b879d1a29bcf620093c40566cad3
SHA512

b14cd054a1d0188d35ee3ac3643a53a861a9f2e394dcd32babf91d810f87bc1edfe4d6bc5a140906a944ad8194afcbc78213aa8c65b146fc1681be7a4e5e5f1b
SSDEEP

196608:Jdad4T0xcsSB5orrcbSsi0s/lmPJ7N3VvXWrqufezvq7:/adCoXrlAJ7N3pXW2uGzy7

Score

10^/10

floxif backdoor discovery spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

2024-07-10_5361b3cedd86c52c7eead816e964f4af_floxif_magniber.exe

Resource

win7-20240704-en

floxif backdoor discovery spyware stealer trojan upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-07-10_5361b3cedd86c52c7eead816e964f4af_floxif_magniber.exe

Resource

win10v2004-20240709-en

floxif backdoor discovery spyware stealer trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-07-10_5361b3cedd86c52c7eead816e964f4af_floxif_magniber
- Size
  
  10.2MB
- MD5
  
  5361b3cedd86c52c7eead816e964f4af
- SHA1
  
  b96b97e033c4fa7b198d79b38ba735f04cd749ba
- SHA256
  
  d269700900bd2fadc7b2a2d733116e6f18b5b879d1a29bcf620093c40566cad3
- SHA512
  
  b14cd054a1d0188d35ee3ac3643a53a861a9f2e394dcd32babf91d810f87bc1edfe4d6bc5a140906a944ad8194afcbc78213aa8c65b146fc1681be7a4e5e5f1b
- SSDEEP
  
  196608:Jdad4T0xcsSB5orrcbSsi0s/lmPJ7N3VvXWrqufezvq7:/adCoXrlAJ7N3pXW2uGzy7
Score

10^/10

floxif backdoor discovery spyware stealer trojan upx
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoveryspywarestealertrojanupx

behavioral2

floxifbackdoordiscoveryspywarestealertrojanupx

© 2018-2024

Terms | Privacy