General

  • Target

    2024-09-05_91d21ab7c09b1a5b0190ce71b9cb4ff2_floxif_mafia

  • Size

    2.5MB

  • Sample

    240905-pq936s1gqc

  • MD5

    91d21ab7c09b1a5b0190ce71b9cb4ff2

  • SHA1

    29e41ee9b83008bc27a633eeb6a3d6b8e1bf8fd0

  • SHA256

    562b837905eb29da99fb993ae74ed584ea5b8a1db1291f9ac3bee24e1c845d6c

  • SHA512

    7e4b7792d934ea46fcccbc9ddb029ba12c9d1e4680593f6be752e0cf4724d618ddd8fccec3333e33f8f4ddcb479d5b023d765ec14294cd8461a4c0379eedc2a9

  • SSDEEP

    49152:UuIIKbofs2hPd2l177BTK2VbDsar1YDjA:Ujafs2hPIl1/L

Malware Config

Targets

    • Target

      2024-09-05_91d21ab7c09b1a5b0190ce71b9cb4ff2_floxif_mafia

    • Floxif, Floodfix

      Floxif (aka FloodFix) is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
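As an added example (not part of the sandbox report and not the sandbox's own detection logic), the following Python checks a local copy of the sample against the hashes listed above and applies the two heuristics the "UPX packed file" signature name implies: PE section names beginning with UPX, and the UPX! marker string left in the image. The `build_fake_pe` helper and the `REPORT_HASHES` table are assumptions for illustration: the helper constructs a minimal synthetic PE so the code runs offline and is not the sample; the hash values are copied from the report. The SSDEEP value is not checked because fuzzy hashing is not in the standard library. A repacked or modified UPX build can rename sections and strip the marker, so a negative result does not prove the file is unpacked.

```python
import hashlib
import struct
import sys

# Values copied from the report above (assumed correct); the sample is not embedded here.
REPORT_HASHES = {
    "md5": "91d21ab7c09b1a5b0190ce71b9cb4ff2",
    "sha1": "29e41ee9b83008bc27a633eeb6a3d6b8e1bf8fd0",
    "sha256": "562b837905eb29da99fb993ae74ed584ea5b8a1db1291f9ac3bee24e1c845d6c",
    "sha512": "7e4b7792d934ea46fcccbc9ddb029ba12c9d1e4680593f6be752e0cf4724d618"
              "ddd8fccec3333e33f8f4ddcb479d5b023d765ec14294cd8461a4c0379eedc2a9",
}

SECTION_HEADER_SIZE = 40  # IMAGE_SECTION_HEADER


def compute_hashes(data: bytes) -> dict:
    """Hex digests for the algorithms the report lists (SSDEEP excluded)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: dict) -> dict:
    """Return {algo: (expected, actual)} for every digest that does not match."""
    got = compute_hashes(data)
    return {a: (expected[a], got.get(a)) for a in expected if got.get(a) != expected[a].lower()}


def pe_section_names(data: bytes) -> list:
    """Walk the DOS header -> PE signature -> COFF header -> section table and return section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt
    names = []
    for i in range(num_sections):
        raw = data[table + i * SECTION_HEADER_SIZE: table + i * SECTION_HEADER_SIZE + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic only: UPX0/UPX1 section names or the 'UPX!' marker. Modified UPX can hide both."""
    try:
        names = pe_section_names(data)
    except ValueError:
        names = []
    by_name = any(n.upper().startswith("UPX") for n in names)
    by_marker = b"UPX!" in data
    return by_name or by_marker


def build_fake_pe(section_names, upx_marker=False) -> bytes:
    """Constructed test input (assumption): a minimal PE32 image with the given section names."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 0xE0  # PE32 optional header
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymbols, NumSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), 0, 0, 0, 0, 0, 0, 0, 0, 0)
        for n in section_names
    )
    body = b"UPX!" if upx_marker else b""
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + body


if __name__ == "__main__":
    # Usage: python triage.py <path-to-sample>
    blob = open(sys.argv[1], "rb").read()
    bad = hash_mismatches(blob, REPORT_HASHES)
    print("hashes match report" if not bad else f"hash mismatch: {bad}")
    print("sections:", pe_section_names(blob))
    print("UPX heuristics:", "hit" if looks_upx_packed(blob) else "no hit (not conclusive)")
```

Run it against the downloaded sample to confirm you are looking at the file the report describes before trusting the rest of the behaviour listed here; the hash check is the only part of the output that is conclusive.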

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic      Technique                        Signatures  ID
  Discovery   Query Registry                   1           T1012
  Discovery   Peripheral Device Discovery      1           T1120
  Discovery   System Information Discovery     1           T1082
  Discovery   System Location Discovery        1           T1614
  Discovery     System Language Discovery      1           T1614.001
