General

  • Target

    2024-09-13_9d1e28ec357a244077f58f109d253f0c_floxif_hijackloader_mafia

  • Size

    2.7MB

  • Sample

    240913-qgfzeaseqd

  • MD5

    9d1e28ec357a244077f58f109d253f0c

  • SHA1

    03c28f28544f68ad4415111261c900922cfbc734

  • SHA256

    48a437fd88ac7f8c3656c03bbbfb894afc0cd9f22f307f5ce7c50c53910217a3

  • SHA512

    715cfafadc8e51289053e8d62b4f70b42a6bd474893da1943e18df27c3174a6f7815c20eee7097772aff2e091da0595a5c6fc5d3b669a7c500cde21f22499261

  • SSDEEP

    49152:uaSofyDdWWqJXBhgmvQojZ2toFPVmyN8yrOR2NP2yYI1D7B5lcdtH9jR9W/KMZKO:nudEBhzQoMtoFPVmyN8yrOR2NO8977lH

Malware Config

Targets

    • Floxif, Floodfix

      Floxif, a.k.a. FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15
