General

  • Target

    2024-07-30_5a5bcd5f903c960aee89f6b6284472ff_floxif_mafia

  • Size

    1.7MB

  • Sample

    240730-awtaaayenm

  • MD5

    5a5bcd5f903c960aee89f6b6284472ff

  • SHA1

    f790ae1839d0f9684046cbcffdc4431cc15cacf6

  • SHA256

    c6f8d19f9f5e9a3e5ba9bb9ce37b0ffdb56b4f6aa0177dd18b2b7fffd3793acb

  • SHA512

    79a636916dd46a39b77836842846358927b452a2a2e88f3db8b80573de8b26db4af6fb590551f320cc42ca9bdf8a3edb1a3d8f227a1aa9c30ace8441d2daf8bd

  • SSDEEP

    49152:WlfGRvrbYu/NCW3xEjbw5hmt+oVBPQ7bbLiGJn3WgcliylPPej1qk:3RvrbY+CW3Ibw5hK+oVBPQ7vLPwlliyG

Targets

    • Target

      2024-07-30_5a5bcd5f903c960aee89f6b6284472ff_floxif_mafia

    • Floxif, Floodfix

      Floxif (also known as FloodFix) is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs (T1546.010)

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs. DLLs listed in the AppInit_DLLs registry value are loaded into every process that loads user32.dll.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Network Service Discovery (T1046)

      Attempts to gather information about the host's network and the services reachable from it.
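
The AppInit DLLs persistence flagged in this report can be audited offline from a registry export. The following is an added example written for this page, not part of the sandbox output or of the Floxif sample: the .reg text, the DLL path C:\ProgramData\symsrv.dll and the function names are constructed for illustration, while the two key paths (native and WOW6432Node) are the ones Windows consults when loading AppInit DLLs.

```python
"""Audit AppInit_DLLs persistence settings from a Windows .reg export.

Added example for this report, not part of the sandbox output. The export
text and the DLL path in it are constructed; the key paths are the ones
Windows consults when loading AppInit DLLs.
"""
import re

# Native key plus the WOW6432Node view used by 32-bit processes on 64-bit Windows.
APPINIT_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)

# Constructed sample export; symsrv.dll under ProgramData is a hypothetical name.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\ProgramData\\symsrv.dll"
"LoadAppInit_DLLs"=dword:00000001
"RequireSignedAppInit_DLLs"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
'''

VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: data}} (REG_SZ and REG_DWORD only)."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name, rhs = m.group(1), m.group(2)
        if rhs.startswith("dword:"):
            keys[current][name] = int(rhs[len("dword:"):], 16)
        elif len(rhs) >= 2 and rhs[0] == '"' and rhs[-1] == '"':
            # .reg files escape backslashes and quotes inside REG_SZ data.
            keys[current][name] = rhs[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return keys


def audit_appinit(keys):
    """Return one finding per DLL listed in AppInit_DLLs under either key.

    loads: LoadAppInit_DLLs is 1, so the list is honoured by the loader.
    unsigned_allowed: RequireSignedAppInit_DLLs is explicitly 0, so an
    unsigned DLL (the usual case for malware) is accepted.
    """
    findings = []
    for key in APPINIT_KEYS:
        values = keys.get(key, {})
        dlls = values.get("AppInit_DLLs", "")
        if not isinstance(dlls, str):
            continue
        # Windows accepts space- or comma-separated lists in this value.
        for dll in (d for d in re.split(r"[ ,]+", dlls) if d):
            findings.append({
                "key": key,
                "dll": dll,
                "loads": values.get("LoadAppInit_DLLs") == 1,
                "unsigned_allowed": values.get("RequireSignedAppInit_DLLs") == 0,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_appinit(parse_reg(SAMPLE_REG)):
        print(finding)
```

On a live host the same three values can be read with `reg query` or `Get-ItemProperty`; the parser above is for exports collected during response, and it deliberately reports the raw LoadAppInit_DLLs and RequireSignedAppInit_DLLs settings rather than assuming OS defaults, since those differ by Windows version and Secure Boot state.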

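The UPX signature in this report fires on traces the packer leaves in the PE header. The following is an added example, not code from the page or from the sandbox vendor: it parses the PE section table with the standard library and reports three indicators, the UPX0/UPX1 section names, the `UPX!` marker bytes, and the layout of a first section that occupies no bytes on disk but a large range in memory. The last indicator is what still catches a modified UPX whose sections were renamed. The two PE images are constructed fixtures, not real binaries.

```python
"""Heuristic UPX detection from the PE section table.

Added example for this report, not part of the sandbox output. The PE images
built here are minimal fixtures for the parser, not executable programs.
"""
import struct

COFF_HEADER = struct.Struct("<HHIIIHH")          # 20 bytes
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # 40 bytes


def parse_sections(data):
    """Return [(name, virtual_size, raw_size)] from a PE image, or raise ValueError."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, _ = COFF_HEADER.unpack_from(data, e_lfanew + 4)
    table = e_lfanew + 4 + COFF_HEADER.size + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, rawsize, *_ = SECTION_HEADER.unpack_from(
            data, table + i * SECTION_HEADER.size)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rawsize))
    return sections


def upx_indicators(data):
    """Return the UPX indicators present, in a fixed order."""
    sections = parse_sections(data)
    found = []
    if any(s[0].upper().startswith("UPX") for s in sections):
        found.append("upx_section_names")
    if b"UPX!" in data:
        found.append("upx_marker")
    # UPX0 is where the unpacked image is written at run time: zero bytes on
    # disk, large virtual size. A renamed UPX keeps this shape.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        found.append("empty_first_section")
    return found


def build_pe(sections, tail=b""):
    """Construct a minimal PE32 image with the given (name, vsize, rawsize) table."""
    opt_size, e_lfanew = 0xE0, 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = COFF_HEADER.pack(0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    table = b"".join(
        SECTION_HEADER.pack(name.encode().ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                            rawsize, 0x400, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rawsize) in enumerate(sections))
    return dos + b"PE\0\0" + coff + opt + table + tail


# Constructed fixtures: a UPX-shaped image and a conventional compiler layout.
PACKED = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7E00), (".rsrc", 0x1000, 0x800)],
                  tail=b"UPX!" + b"\0" * 16)
CLEAN = build_pe([(".text", 0x5000, 0x5000), (".data", 0x1000, 0x400), (".rsrc", 0x1000, 0x800)])

if __name__ == "__main__":
    print("packed:", upx_indicators(PACKED))
    print("clean: ", upx_indicators(CLEAN))
```

Run this against a suspicious file with `upx_indicators(open(path, "rb").read())`; an empty list is not proof of a clean binary, only the absence of these three traces.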
MITRE ATT&CK Enterprise v15
