General

  • Target

    2024-07-27_c23d5269f1c6ac7ddf1e07bb6cca044c_floxif_mafia

  • Size

    1.8MB

  • Sample

    240727-ps96yszdkl

  • MD5

    c23d5269f1c6ac7ddf1e07bb6cca044c

  • SHA1

    24d01b3707e573e47c6deaf0ddaa70ec60bb21aa

  • SHA256

    5660f411b8b36c4c23ef21d5aa1840d819a2ff0369e5b26da8d2f58711c1a38f

  • SHA512

    e78f8b157832aeef14f15737a3b2f6f61ef146bd8509553f3f798453a26815b126bfb93d88074a4a24a8f1bd87d330963a26d45a6fef15b27fac170960840a4d

  • SSDEEP

    49152:EJnJ1ivPNGPklQON6V2F/bqIdl/LmCvgPCle2LMkdBpviF9PWDvv2+:I1ivPNG0QOY2F/bqIdl/LmCvgPexLzvZ

Malware Config

Targets

    • Target

      2024-07-27_c23d5269f1c6ac7ddf1e07bb6cca044c_floxif_mafia

    • Size

      1.8MB

    • MD5

      c23d5269f1c6ac7ddf1e07bb6cca044c

    • SHA1

      24d01b3707e573e47c6deaf0ddaa70ec60bb21aa

    • SHA256

      5660f411b8b36c4c23ef21d5aa1840d819a2ff0369e5b26da8d2f58711c1a38f

    • SHA512

      e78f8b157832aeef14f15737a3b2f6f61ef146bd8509553f3f798453a26815b126bfb93d88074a4a24a8f1bd87d330963a26d45a6fef15b27fac170960840a4d

    • SSDEEP

      49152:EJnJ1ivPNGPklQON6V2F/bqIdl/LmCvgPCle2LMkdBpviF9PWDvv2+:I1ivPNG0QOY2F/bqIdl/LmCvgPexLzvZ

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks