General
-
Target
2024-08-09_a95c16eda92f161466bdbdb3075b66ca_floxif_mafia
-
Size
2.5MB
-
Sample
240809-qre5vs1dmq
-
MD5
a95c16eda92f161466bdbdb3075b66ca
-
SHA1
526323892fd79d2e0ac8281d7a5f4ba59eb2b8cc
-
SHA256
c5c514337c9304ef363376f9e37d4cc6efc5810e2ed7345f31f2c7dd7a534e02
-
SHA512
7d1f8470168f3e61fe13c1a5b508ee58a991f0432a0094ec831693488d10d0ff0de2814c4baf83af654ec6ff0e5bd54f6cb836e5b614b7f7b390ccbbb915c60f
-
SSDEEP
24576:2BdtrAUrEOHgu8eCzfWTXytNDywpBgyOePQbEEn9PVofs2hfnjsUo4rzazlHCjkj:tuIJ0ofs2hPd2l177BTK2VbDsar1YDjY
Malware Config
Targets
-
-
Target
2024-08-09_a95c16eda92f161466bdbdb3075b66ca_floxif_mafia
-
Size
2.5MB
-
MD5
a95c16eda92f161466bdbdb3075b66ca
-
SHA1
526323892fd79d2e0ac8281d7a5f4ba59eb2b8cc
-
SHA256
c5c514337c9304ef363376f9e37d4cc6efc5810e2ed7345f31f2c7dd7a534e02
-
SHA512
7d1f8470168f3e61fe13c1a5b508ee58a991f0432a0094ec831693488d10d0ff0de2814c4baf83af654ec6ff0e5bd54f6cb836e5b614b7f7b390ccbbb915c60f
-
SSDEEP
24576:2BdtrAUrEOHgu8eCzfWTXytNDywpBgyOePQbEEn9PVofs2hfnjsUo4rzazlHCjkj:tuIJ0ofs2hPd2l177BTK2VbDsar1YDjY
Score10/10-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-