General

  • Target

    2024-08-16_bec3dbbf30ea2b5153052aaa84a9d87a_floxif_mafia

  • Size

    2.5MB

  • Sample

    240816-rtyknazbmc

  • MD5

    bec3dbbf30ea2b5153052aaa84a9d87a

  • SHA1

    e102c10564f9a9dbad6559931e8c6ac1c2f33f91

  • SHA256

    867dd4de518560699145549b8cd517820626160a0c7d6dffae35341572a8c55e

  • SHA512

    88daef0e55f19c2446770f34cc9ede6c5bf05b6fc675c2668dca17eae1ac16cfba12b8dc9b3baec258b2d5233879c21cd3cda63a2dfb86d63be8b3dbfc135804

  • SSDEEP

    49152:tuIkKzofs2hPd2l177BTK2VbDsar1YDj0:tjWfs2hPIl1/X

Malware Config

Targets

    • Target

      2024-08-16_bec3dbbf30ea2b5153052aaa84a9d87a_floxif_mafia

    • Size

      2.5MB

    • MD5

      bec3dbbf30ea2b5153052aaa84a9d87a

    • SHA1

      e102c10564f9a9dbad6559931e8c6ac1c2f33f91

    • SHA256

      867dd4de518560699145549b8cd517820626160a0c7d6dffae35341572a8c55e

    • SHA512

      88daef0e55f19c2446770f34cc9ede6c5bf05b6fc675c2668dca17eae1ac16cfba12b8dc9b3baec258b2d5233879c21cd3cda63a2dfb86d63be8b3dbfc135804

    • SSDEEP

      49152:tuIkKzofs2hPd2l177BTK2VbDsar1YDj0:tjWfs2hPIl1/X

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks