floxif | 2e08840a9a03c5070d1ff522d39f2918350f6b6f1681ad8afe19c6c8c1c46b4b | Triage

Submit
Reports

Overview

overview

Static

static

540e29d433...0N.exe

windows7-x64

540e29d433...0N.exe

windows10-2004-x64

Sharing

General

Target

540e29d433a62e86b834b9689058dd10N.exe
Size

164KB
Sample

240712-nfzzsa1drq
MD5

540e29d433a62e86b834b9689058dd10
SHA1

29ec51f76995586ede29ab3982e34ce78cc4b0b9
SHA256

2e08840a9a03c5070d1ff522d39f2918350f6b6f1681ad8afe19c6c8c1c46b4b
SHA512

6cde6b3861032dc5347266d7226a535467bceb0ef62a3bbca77a772bdf5bfe05264bf1c8dfb038e44949c91bfb5131cc4607341e99b3715401e6df000d015ac6
SSDEEP

3072:c0poOfa6+Juc7ZaKHKp2lQBV+UdE+rECWp7hKt/b:c0ppi6+JDZlHK9BV+UdvrEFp7hKtj

Score

10^/10

floxif phorphiex backdoor evasion loader persistence trojan upx worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

540e29d433a62e86b834b9689058dd10N.exe

Resource

win7-20240708-en

floxif phorphiex backdoor evasion loader persistence trojan upx worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

540e29d433a62e86b834b9689058dd10N.exe

Resource

win10v2004-20240709-en

floxif phorphiex backdoor evasion loader persistence trojan upx worm

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

phorphiex

C2

http://185.215.113.66/

http://77.91.77.92/

http://91.202.233.141/

Wallets

0xCa90599132C4D88907Bd8E046540284aa468a035

TRuGGXNDM1cavQ1AqMQHG8yfxP4QWVSMN6

qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r

XryzFMFVpDUvU7famUGf214EXD3xNUSmQf

LLeT2zkStY3cvxMBFhoWXkG5VuZPoezduv

rwc4LVd9ABpULQ1CuCpDkgX2xVB1fUijyb

4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK

15TssKwtjMtwy4vDLcLsQUZUD2B9f7eDjw85sBNVC5LRPPnC

17hgMFyLDwMjxWqw5GhijhnPdJDyFDqecY

ltc1qt0n3f0t7vz9k0mvcswk477shrxwjhf9sj5ykrp

3PMiLynrGVZ8oEqvoqC4hXD67B1WoALR4pc

3FerB8kUraAVGCVCNkgv57zTBjUGjAUkU3

DLUzwvyxN1RrwjByUPPzVMdfxNRPGVRMMA

t1J6GCPCiHW1eRdjJgDDu6b1vSVmL5U7Twh

stars125f3mw4xd9htpsq4zj5w5ezm5gags37yxxh6mj

bnb1epx67ne4vckqmaj4gwke8m322f4yjr6eh52wqw

bc1qmpkehfffkr6phuklsksnd7nhgx0369sxu772m3

bitcoincash:qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r

GBQJMXYXPRIWFMXIFJR35ZB7LRKMB4PHCIUAUFR3TKUL6RDBZVLZEUJ3

Attributes

mutex
55a4er5wo
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Targets

- Target
  
  540e29d433a62e86b834b9689058dd10N.exe
- Size
  
  164KB
- MD5
  
  540e29d433a62e86b834b9689058dd10
- SHA1
  
  29ec51f76995586ede29ab3982e34ce78cc4b0b9
- SHA256
  
  2e08840a9a03c5070d1ff522d39f2918350f6b6f1681ad8afe19c6c8c1c46b4b
- SHA512
  
  6cde6b3861032dc5347266d7226a535467bceb0ef62a3bbca77a772bdf5bfe05264bf1c8dfb038e44949c91bfb5131cc4607341e99b3715401e6df000d015ac6
- SSDEEP
  
  3072:c0poOfa6+Juc7ZaKHKp2lQBV+UdE+rECWp7hKt/b:c0ppi6+JDZlHK9BV+UdvrEFp7hKtj
Score

10^/10

floxif phorphiex backdoor evasion loader persistence trojan upx worm
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Modifies security service
  evasion
- Phorphiex payload
- Phorphiex, Phorpiex
  Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Windows security bypass
  evasion trojan
- Detects Floxif payload
  backdoor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifphorphiexbackdoorevasionloaderpersistencetrojanupxworm

behavioral2

floxifphorphiexbackdoorevasionloaderpersistencetrojanupxworm

© 2018-2024

Terms | Privacy