General

  • Target

    2024-07-27_ddfacdca94092d41caa342f90cd630b3_floxif_mafia

  • Size

    1.7MB

  • Sample

    240727-qngjhs1ekr

  • MD5

    ddfacdca94092d41caa342f90cd630b3

  • SHA1

    354e39c458a3374a514e8a36cbdbf1d10b76a25c

  • SHA256

    6819f6a9191fa3ab77a774641080534a67b17782eb9f38a21f4de52c9f02f5b4

  • SHA512

    91c2b6c96f0eb207f4cedbf93d4f5c1c2a8679f3064ec9897a61e24794602c786f6442ae587f6faa85d4fc47351c106a66b2a4e19d87200a78a993cdbc6e7a8a

  • SSDEEP

    49152:Kf+nVJ+nTqAWsyl+Snc7nKMdTRmq3+sxx+2CDQFZfB5kKIhpOkp:9+nTqAWsyYSnc7nKMdTRme5x+2CStkKC

Malware Config

Targets

    • Floxif, Floodfix

      Floxif, aka FloodFix, is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks