General
- Target: 2024-08-15_bac3facd158dbbe51988a83f757440ba_floxif_mafia
- Size: 1.8MB
- Sample: 240815-qnkaeaybkr
- MD5: bac3facd158dbbe51988a83f757440ba
- SHA1: c72707a997004f58de7bcfa0321d68c81d2d0cc1
- SHA256: 451c3257fe31932825d114b93eced5aeb2c67f88ff099f553b392eb9b2c1d621
- SHA512: 62d2655b64ac61273c430a2044b1ca416e2393bdd9d378483949a28c3dd123ef27e1c11acdd1528496816752d21c7848db6693ac875d1009c6f6e7e8a900b7e7
- SSDEEP: 49152:BpEOjw14kZV2HXsMnmjEREseBSsxHnfXsrHYi2Yijip:n1YJYH
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-08-15_bac3facd158dbbe51988a83f757440ba_floxif_mafia.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 2024-08-15_bac3facd158dbbe51988a83f757440ba_floxif_mafia.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: 2024-08-15_bac3facd158dbbe51988a83f757440ba_floxif_mafia
Signatures
- Detects Floxif payload
- Drops file in Drivers directory
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (2)
  - AppInit DLLs (1)
  - Change Default File Association (1)
Privilege Escalation
- Event Triggered Execution (2)
  - AppInit DLLs (1)
  - Change Default File Association (1)