General

  • Target

    2024-09-14_3155a5e0a54d0c0b2b89c34201c0450b_floxif_mafia

  • Size

    205KB

  • Sample

    240914-qnbchawckk

  • MD5

    3155a5e0a54d0c0b2b89c34201c0450b

  • SHA1

    9874b7cd130015f2305a35c3f946a7d7262838cf

  • SHA256

    d2998158d0355771b7999818b5388d5d70443d8026020e08485410a753dc32bd

  • SHA512

    3d8177f54fdf63b6dbc2f48010818d05ddb0e01d0c2dad457fccaf74e6ae798c244c3dc352fbc9b6ed195fb38e1b72880bcccd5e9b78a65df250e16bc86c22ad

  • SSDEEP

    3072:fJgW+wuO7GlvsuJO5ipPbGeuqlfrkVlPqrWWJCa2lQBV+UdE+rECWp7hKlsgQ:BgWhf+va4SIlmiysBV+UdvrEFp7hKWp

Malware Config

Targets

    • Target

      2024-09-14_3155a5e0a54d0c0b2b89c34201c0450b_floxif_mafia

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

MITRE ATT&CK Enterprise v15

Tasks