General
-
Target
2024-08-11_b1a4e8bdc8eb5b5f00a73430cf7be057_floxif_hijackloader_mafia
-
Size
2.7MB
-
Sample
240811-qnqgeswakf
-
MD5
b1a4e8bdc8eb5b5f00a73430cf7be057
-
SHA1
18a8eae30f595f292ca3edf64e55f0a1ea731a47
-
SHA256
1eee1d23e3dc2d206790cb124aedabcdbf23b88a754ef6e541b4b670cf9a4e02
-
SHA512
2d5f974fe93371dbed8628a78306eb3e106fb5d54ad3ae64508e1d7a3261a6b229024e4a8c206a1c3f4e84c85d9993da9f8a865e4fecd231e58cb794a2806c7b
-
SSDEEP
49152:zPE6vXDUOYQMqclLy0wsXuhXabboP4ACQDAkniwlzI8ndVyw+AZ/WY4N2WwW/KMh:LFvXfMFLySXuhXa/oP4ACYAkniMISyBV
Malware Config
Targets
-
-
Target
2024-08-11_b1a4e8bdc8eb5b5f00a73430cf7be057_floxif_hijackloader_mafia
-
Size
2.7MB
-
MD5
b1a4e8bdc8eb5b5f00a73430cf7be057
-
SHA1
18a8eae30f595f292ca3edf64e55f0a1ea731a47
-
SHA256
1eee1d23e3dc2d206790cb124aedabcdbf23b88a754ef6e541b4b670cf9a4e02
-
SHA512
2d5f974fe93371dbed8628a78306eb3e106fb5d54ad3ae64508e1d7a3261a6b229024e4a8c206a1c3f4e84c85d9993da9f8a865e4fecd231e58cb794a2806c7b
-
SSDEEP
49152:zPE6vXDUOYQMqclLy0wsXuhXabboP4ACQDAkniwlzI8ndVyw+AZ/WY4N2WwW/KMh:LFvXfMFLySXuhXa/oP4ACYAkniMISyBV
Score10/10-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-