General

  • Target

    2024-07-27_fdde3ed02c2a08329b3373a0f801c6a7_floxif_hijackloader_mafia

  • Size

    2.7MB

  • Sample

    240727-pvvjaatamf

  • MD5

    fdde3ed02c2a08329b3373a0f801c6a7

  • SHA1

    6bef1f41e398b37f4bb6d52b23438f623930aea9

  • SHA256

    bf64779509c7e0409f4831d93891d126f7fda848bcf41ceb1f1f9148898a7bd3

  • SHA512

    5ff21a6b4109d0816ed28fe70e68160b724e7999f17271531f19cb1589c80949ded5c9b566c16b62c30fa105395018c38b56aa4d2d90c8d39be36cce5754f3db

  • SSDEEP

    49152:zPE6vXDUOYQMqclLy0wsXuhXaGboP4ACQDAknmCwlzI8ndTyw+AZ/WY4N2WwW/Kt:LFvXfMFLySXuhXaSoP4ACYAknmCMIUya

Malware Config

Targets

    • Target

      2024-07-27_fdde3ed02c2a08329b3373a0f801c6a7_floxif_hijackloader_mafia

    • Size

      2.7MB

    • MD5

      fdde3ed02c2a08329b3373a0f801c6a7

    • SHA1

      6bef1f41e398b37f4bb6d52b23438f623930aea9

    • SHA256

      bf64779509c7e0409f4831d93891d126f7fda848bcf41ceb1f1f9148898a7bd3

    • SHA512

      5ff21a6b4109d0816ed28fe70e68160b724e7999f17271531f19cb1589c80949ded5c9b566c16b62c30fa105395018c38b56aa4d2d90c8d39be36cce5754f3db

    • SSDEEP

      49152:zPE6vXDUOYQMqclLy0wsXuhXaGboP4ACQDAknmCwlzI8ndTyw+AZ/WY4N2WwW/Kt:LFvXfMFLySXuhXaSoP4ACYAknmCMIUya

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks