General

  • Target

    2024-08-16_c387a0580a9fb0823405e6c5b1c16066_floxif_hijackloader_mafia

  • Size

    2.7MB

  • Sample

    240816-ptmgaayfnn

  • MD5

    c387a0580a9fb0823405e6c5b1c16066

  • SHA1

    cd2d0fc9de771cacc34c4d79019d975ba8a1d8f1

  • SHA256

    a37ca94ff80f6f2b6238507d345c3ab57d29a4b965734fa9100c1778bd7312fc

  • SHA512

    f42469db0f7758f86ba3a38036accbcb7836da25bf5b50485e53b5cd6c631bd7c5461bd1297b06b54ade3115fc34ddaea694df4f54bd35868c5fc264feeb7f83

  • SSDEEP

    49152:Flks4ARlVLX6Sc60FNUFFIIsTp69FlNN7boUvH6u//zHfwhXPwMQ9i9ZMW/KMZKC:/nRr6+0FUFIIsTY9Fl/7boUi+jwZPwMZ

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect software protector.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks