General

  • Target

    2024-08-16_bed82ac6be5915a59ae6c46c8d1bc3e1_floxif_mafia

  • Size

    3.4MB

  • Sample

    240816-ptc8lsvdja

  • MD5

    bed82ac6be5915a59ae6c46c8d1bc3e1

  • SHA1

    2711df6cd5aea0788866ade47a2ec5f04eab2e95

  • SHA256

    b14ebf9950bb465852eb466a04b57f7473483d8d66ab26b6b6cf56d2f0fefb1d

  • SHA512

    45ee2db7505c8f3568ae0bac4733fa1e15b3e26107c3dcd0692991cba72a8780b5167584a8e4912b9de06af66e8590ac105cb83257c00b45711e0b1ac7b2be52

  • SSDEEP

    98304:vQIQ7n4g8zR5ZRER+7b6MYkjMaGs7qKnX341lfc4x:II9g8jTsZDs7qKn4vXx

Malware Config

Targets

    • Target

      2024-08-16_bed82ac6be5915a59ae6c46c8d1bc3e1_floxif_mafia

    • Floxif, Floodfix

      Floxif (also known as FloodFix) is a file-infecting trojan and backdoor written in C++: it modifies existing executables on the host and gives the operator remote control of the infected machine.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. DLLs named in the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (and under the Wow6432Node view on 64-bit Windows) are loaded into every process that loads user32.dll, so a single registry write gives the malware code execution in most user-mode processes. On Windows 8 and later with Secure Boot enabled the mechanism is disabled, which is why this technique is mostly seen on older or Secure-Boot-off hosts.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (the 1.3x to 1.4x DLL build). A packer hit on a dropped DLL means static analysis of that DLL will need an unpacking step first.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer. Stock UPX unpacks cleanly with `upx -d`; a modified build (renamed sections, altered header) usually does not, so this hit confirms packing but not that the sample will unpack with the standard tool.

    • Enumerates connected drives

      Attempts to read the root directory of drives other than the default C: drive. For a file infector this is consistent with searching additional volumes, including removable media, for executables to modify.
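
The AppInit DLLs and UPX findings above are the two a responder would act on first on a suspect host. The PowerShell script below is an added example, not part of this report and not code from any tool it references: it reads the AppInit_DLLs values from both registry views, resolves each listed DLL, hashes it and checks its Authenticode signature, compares the hash against the SHA256 of this sample, and walks the PE section table for UPX section names. The function names, the System32 fallback for bare DLL names, and the known-bad table are assumptions of the example; the registry paths and the PE header offsets are the documented ones.

```powershell
# Added example (not from the report): hunt for AppInit_DLLs persistence and check the
# listed DLLs against this sample's SHA256 and for UPX section names.
# Run from an elevated PowerShell session on the host being examined.

# Documented AppInit locations: native view and the 32-bit (Wow6432Node) view on x64 Windows.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

# Known-bad table: only the SHA256 from this report; extend with your own IOCs (assumption).
$KnownBadSha256 = @{
    'b14ebf9950bb465852eb466a04b57f7473483d8d66ab26b6b6cf56d2f0fefb1d' = 'Floxif sample in this report'
}

function Get-PeSectionNames {
    # Minimal PE section-table walk: e_lfanew at 0x3C, COFF header after the 'PE\0\0' signature,
    # section headers (40 bytes each, name in the first 8) after the optional header.
    param([Parameter(Mandatory)][string]$Path)
    $b = [IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { return @() }   # no 'MZ'
    $peOff = [BitConverter]::ToInt32($b, 0x3C)
    if ($peOff -le 0 -or ($peOff + 24) -gt $b.Length) { return @() }
    if ([BitConverter]::ToUInt32($b, $peOff) -ne 0x00004550) { return @() }        # no 'PE\0\0'
    $numSections = [BitConverter]::ToUInt16($b, $peOff + 6)
    $optSize     = [BitConverter]::ToUInt16($b, $peOff + 20)
    $table       = $peOff + 24 + $optSize
    $names = @()
    for ($i = 0; $i -lt $numSections; $i++) {
        $off = $table + 40 * $i
        if (($off + 8) -gt $b.Length) { break }
        $names += [Text.Encoding]::ASCII.GetString($b, $off, 8).TrimEnd([char]0)
    }
    return $names
}

function Test-UpxSections {
    param([string[]]$SectionNames)
    # Stock UPX names its sections UPX0/UPX1 (UPX2 in some builds); a modified UPX may rename them,
    # so a negative result here does not rule out packing.
    return [bool]($SectionNames | Where-Object { $_ -match '^UPX\d$' })
}

function Get-AppInitFindings {
    foreach ($key in $AppInitKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key

        # LoadAppInit_DLLs = 1 enables the mechanism; RequireSignedAppInit_DLLs = 1 restricts it to
        # signed DLLs. With Secure Boot on (Windows 8 and later) AppInit DLLs are not loaded at all.
        [pscustomobject]@{
            Key                       = $key
            LoadAppInit_DLLs          = $props.LoadAppInit_DLLs
            RequireSignedAppInit_DLLs = $props.RequireSignedAppInit_DLLs
            AppInit_DLLs              = $props.AppInit_DLLs
        }

        if ([string]::IsNullOrWhiteSpace($props.AppInit_DLLs)) { continue }

        # The value is a space- or comma-separated list of DLL paths or bare names.
        foreach ($entry in ($props.AppInit_DLLs -split '[,\s]+' | Where-Object { $_ })) {
            $candidate = [Environment]::ExpandEnvironmentVariables($entry)
            if (-not [IO.Path]::IsPathRooted($candidate)) {
                # Bare names go through the normal DLL search order; System32 is the usual hit.
                # Assumption of this example: other search-path directories are not checked.
                $candidate = Join-Path -Path "$env:SystemRoot\System32" -ChildPath $candidate
            }
            if (-not (Test-Path -Path $candidate -PathType Leaf)) {
                Write-Warning "AppInit entry '$entry' could not be resolved to a file ('$candidate')"
                continue
            }

            $sha256   = (Get-FileHash -Path $candidate -Algorithm SHA256).Hash.ToLowerInvariant()
            $sig      = Get-AuthenticodeSignature -FilePath $candidate
            $sections = Get-PeSectionNames -Path $candidate
            [pscustomobject]@{
                Entry     = $entry
                Path      = $candidate
                SHA256    = $sha256
                Signature = $sig.Status
                KnownBad  = $KnownBadSha256.ContainsKey($sha256)
                Label     = $KnownBadSha256[$sha256]
                Sections  = ($sections -join ',')
                UpxPacked = Test-UpxSections -SectionNames $sections
            }
        }
    }
}

Get-AppInitFindings | Format-List
```

A non-empty AppInit_DLLs value with LoadAppInit_DLLs set to 1 is a finding on its own; an unsigned, UPX-packed DLL in that list, or one whose hash matches the table, is the case this report describes. Capture the DLL before remediation so its hashes can be compared with the ones listed under General.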

MITRE ATT&CK Enterprise v15

Tasks