General

  • Target

    2024-07-27_50e9b6a2966918f7026d42c4e6becda4_floxif_mafia

  • Size

    2.5MB

  • Sample

    240727-ppmlgszcjr

  • MD5

    50e9b6a2966918f7026d42c4e6becda4

  • SHA1

    b627f78b61802e53527131191d4b5b4d43c7cc95

  • SHA256

    934ded0e348c64e8f495e495cf59c22b8e3b40f1d38869d09fe7a88e374976e3

  • SHA512

    ec8c1314c18888fe665c051ba45504e984baa51dd2a5318af0d441cba4501ffd474ed6b62ee9ea21a5b98c018ac9bfa58ef61ddbd2aa487131f01a42fb12303d

  • SSDEEP

    49152:ouIIKbofs2hPd2l177BTK2VbDsar1YDjn:oj2fs2hPIl1/4

Malware Config

Targets

    • Target

      2024-07-27_50e9b6a2966918f7026d42c4e6becda4_floxif_mafia

    • Size

      2.5MB

    • MD5

      50e9b6a2966918f7026d42c4e6becda4

    • SHA1

      b627f78b61802e53527131191d4b5b4d43c7cc95

    • SHA256

      934ded0e348c64e8f495e495cf59c22b8e3b40f1d38869d09fe7a88e374976e3

    • SHA512

      ec8c1314c18888fe665c051ba45504e984baa51dd2a5318af0d441cba4501ffd474ed6b62ee9ea21a5b98c018ac9bfa58ef61ddbd2aa487131f01a42fb12303d

    • SSDEEP

      49152:ouIIKbofs2hPd2l177BTK2VbDsar1YDjn:oj2fs2hPIl1/4

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks