General

  • Target

    2024-07-27_0e44b184a2174b99889ccd0e6cd299ee_floxif_mafia

  • Size

    2.5MB

  • Sample

    240727-pk1ybasfja

  • MD5

    0e44b184a2174b99889ccd0e6cd299ee

  • SHA1

    5bff702a4576ed2b61ce1bedaed6dc727a10336d

  • SHA256

    22827ae634ce2c8790c96b05681dcdfb68f1a664f15afdc8871ddabe83527fe9

  • SHA512

    f0c55f55dacc26987294342bb4a55a84fbe92e7b647b097f1f7867617cfdac1fa54c264dfd10ef429adb044f5d3b9075c34240697912031a4538b3844a5eb130

  • SSDEEP

    49152:9uIIKlofs2hPd2l177BTK2VbDsar1YDj4:9jkfs2hPIl1/r

Targets

    • Floxif, FloodFix

      Floxif (also known as FloodFix) is a file-infecting trojan and backdoor written in C++; it modifies other executables on disk to carry its own code.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect software protector (versions 1.3x to 1.4x).

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build.

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive, a common first step for a file infector looking for additional executables to modify.
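
The two checks an analyst would want to reproduce from this report are confirming that a file in hand is the sample the hashes describe, and applying the "UPX packed file" heuristic. The following Python is an added example, not part of the sandbox report or of any signature engine; it parses the PE section table with the standard library only (no pefile), looks for the UPX0/UPX1 section names and the "UPX!" packer marker, and verifies hashes against the digests listed above. `build_test_pe` constructs a minimal PE32 image purely so the parser can be exercised offline; it is not the real sample, and the section names and layout it emits are assumptions.

```python
"""Added triage helpers: hash verification against a report, and a UPX packing
heuristic based on the PE section table. Standard library only."""
import hashlib
import struct

# Digests as listed in the report above (lower-case hex). Verify before analysis
# so findings are not attributed to the wrong file.
REPORT_HASHES = {
    "md5": "0e44b184a2174b99889ccd0e6cd299ee",
    "sha1": "5bff702a4576ed2b61ce1bedaed6dc727a10336d",
    "sha256": "22827ae634ce2c8790c96b05681dcdfb68f1a664f15afdc8871ddabe83527fe9",
}

PE_SIG_OFFSET_FIELD = 0x3C   # e_lfanew field in the DOS header
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def file_hashes(data: bytes) -> dict:
    """Hex digests of the same algorithms the report lists (ssdeep omitted)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict) -> bool:
    """True only if every digest in `expected` matches; one mismatch means a different file."""
    actual = file_hashes(data)
    return all(actual.get(alg) == digest.lower() for alg, digest in expected.items())


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table; return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, PE_SIG_OFFSET_FIELD)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    if len(data) < coff + COFF_HEADER_SIZE:
        raise ValueError("truncated COFF header")
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + COFF_HEADER_SIZE + size_of_optional
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if len(data) < off + SECTION_HEADER_SIZE:
            raise ValueError("truncated section table")
        raw = data[off:off + 8].split(b"\0", 1)[0]   # name is 8 bytes, NUL padded
        names.append(raw.decode("ascii", errors="replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Two independent UPX signals: UPX* section names and the 'UPX!' marker the packer writes."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_marker": b"UPX!" in data,
    }


def is_upx_packed(data: bytes) -> bool:
    """Flag if either signal fires; a modified UPX often renames sections but keeps the marker."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_marker"]


def build_test_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32 image for exercising the parser. Not the real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, PE_SIG_OFFSET_FIELD, 0x40)      # PE header right after DOS header
    size_of_optional = 0xE0                                      # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_of_optional, 0x0102)
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)                   # PE32 magic
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table + trailer


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(["UPX0", "UPX1", ".rsrc"])
    print("matches report hashes:", matches_report(blob, REPORT_HASHES))
    print("sections:", pe_section_names(blob))
    print("UPX indicators:", upx_indicators(blob))
```

Run it with the sample path as the only argument. The section-name check alone is what the report's "UPX/modified UPX" wording hints at: a repacked binary may have its section names rewritten, so the marker check (and, if both are stripped, entropy of the sections) is needed to catch the modified variants.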
