General

  • Target

    2024-09-09_6d1fd89a23611a1c17d04a9b5e8ef01c_floxif_mafia

  • Size

    2.0MB

  • Sample

    240909-hpxm5awdnj

  • MD5

    6d1fd89a23611a1c17d04a9b5e8ef01c

  • SHA1

    a59fb79fadadb5eed79802b5fc0db9362f8e978f

  • SHA256

    0deb0ef7f560b60d61979383bf0a518335bc5d059d6faeeb826f945a986676e9

  • SHA512

    9c7660371e1c035bd424002568ee6d86907f823286258fab65b66fdd140051c4cb7ff6020fb4e515b5fc24e43bec15e9d8df660f8b96f064c06ff70ad30b1b3b

  • SSDEEP

    49152:H1LGMMeYFqh64yCJHkUXeioZ5oG6dybABGOc8ZsMQaRXunv425muyX8YjlPeXK:H1LGMMeYFT4PHrXeioZ5cdJBGOc8ZsMt

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
