General

  • Target

    2024-08-16_27421882e4be89930eb32cdd8012fa3a_floxif_mafia

  • Size

    2.5MB

  • Sample

    240816-plw1ravajc

  • MD5

    27421882e4be89930eb32cdd8012fa3a

  • SHA1

    6ee9456cdabda15ad342cf7fbf3cbd361771ae9e

  • SHA256

    1466436138f223807a380713297bf5e6eed337c601fcb9719568317cb532e188

  • SHA512

    2dd2f27c834e2b86882d0ee69fa26782a9697900e4d6c2b770d4030221211af8880f0d183322cbcf4eccaf2d43794fb880f1a9dea470e4449f1cb03d496c9402

  • SSDEEP

    49152:tuIfKXofs2hPd2l177BTK2VbDsar1YDjG:tjDfs2hPIl1/N

Targets

    • Target

      2024-08-16_27421882e4be89930eb32cdd8012fa3a_floxif_mafia

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
