General

  • Target

    2024-07-27_4d6063f3a45bbd6362de701cb225a36a_floxif_mafia

  • Size

    2.5MB

  • Sample

    240727-pm2mmazblq

  • MD5

    4d6063f3a45bbd6362de701cb225a36a

  • SHA1

    ac29a7a816f4c2a01e7679299f815f3b6f39bda1

  • SHA256

    fdc4cb3d819e1ecc653beb63f9f8c82378d0ad9a7d8dfe14a5b7e2040e7e1ab8

  • SHA512

    4a7e9759c827fbd48316bc717b09ca12a29696aa824fd0adaa992a04785e43f4899809610c441aaf2084e8f7fdffa36a7859f21e8326adeed40cad3e1bf4c781

  • SSDEEP

    49152:tuIEKxofs2hPd2l177BTK2VbDsar1YDjL:tj8fs2hPIl1/k

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks