General

  • Target

    2024-09-13_58d5f2424950ed9412b61f6267e504c2_floxif_hijackloader_mafia

  • Size

    2.7MB

  • Sample

    240913-p6dpxa1gnn

  • MD5

    58d5f2424950ed9412b61f6267e504c2

  • SHA1

    6c3f3953c424940b1508b791cba2d49178021d55

  • SHA256

    2ffe54373fb4e0faa93266b17a598c63f551522e3addf7c25f3ed70aa006ae92

  • SHA512

    1f69773dd4e95e601aad08a5621cba97fde7a9b7566f48ee3886a6f95b82274cb8055ac12b63c4f266b993bb0f56bf0c065e04037ae3835ce22c8e43c57c5b13

  • SSDEEP

    49152:uaSofyDdWWqJXBhgmvQojZ2toFPVmyN8yrOY23P2yYI137B5lcdtH9jR9W/KMZKE:nudEBhzQoMtoFPVmyN8yrOY23O8p77lh

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks