General

  • Target

    2024-09-17_3ee242a55ab597b65ded04917c5b65ab_floxif_mafia

  • Size

    1.0MB

  • Sample

    240917-ar54aaxerf

  • MD5

    3ee242a55ab597b65ded04917c5b65ab

  • SHA1

    c154136bb93d9f38602dfb5093092fa51a20f2ae

  • SHA256

    ed531b1ad501e51863ad598b59f19a5ea77c691c6d5da9868d15dc95331db08d

  • SHA512

    dba22caf1fc65681c14e7398808712d7fe9f0dbec4e200b5bbf6bdf4893d80d99303dc9ad03e9e4e9af6fa3ecabe1e8c69bbd6471caccd12c59bca4e4ffd7a96

  • SSDEEP

    24576:9Os/qDO7VjaXRqgw133/9LhSgBeS+evv0osrEH7+:9O7O7VjaXR9W33//SgBeS+evv0o6

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect software protector.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks