General

  • Target

    2024-10-02_b2313526f37dfbbfac39312dd47268d5_floxif_mafia

  • Size

    2.2MB

  • Sample

    241002-bwle4szgqp

  • MD5

    b2313526f37dfbbfac39312dd47268d5

  • SHA1

    0a075f40d94556723ad817da048f89e38b384994

  • SHA256

    f29fbb089d6f3fffc621971ed6b1680d750dac4899dbd41e6747b08bf4fbb7ad

  • SHA512

    a62130fafdaa2b5adc4286453051e311e94791ec15fe647c4060fb933773f471f07ae32723153c91e7b6af321f60d646a111f9526795698a48f0e3122ba802ab

  • SSDEEP

    49152:4mm17nNaiixMNyzi6NYVHXUQFmTFFmPQVTVF9B:4mQXczFNYaQFvu

Malware Config

Targets

    • Target

      2024-10-02_b2313526f37dfbbfac39312dd47268d5_floxif_mafia

    • Size

      2.2MB

    • MD5

      b2313526f37dfbbfac39312dd47268d5

    • SHA1

      0a075f40d94556723ad817da048f89e38b384994

    • SHA256

      f29fbb089d6f3fffc621971ed6b1680d750dac4899dbd41e6747b08bf4fbb7ad

    • SHA512

      a62130fafdaa2b5adc4286453051e311e94791ec15fe647c4060fb933773f471f07ae32723153c91e7b6af321f60d646a111f9526795698a48f0e3122ba802ab

    • SSDEEP

      49152:4mm17nNaiixMNyzi6NYVHXUQFmTFFmPQVTVF9B:4mQXczFNYaQFvu

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks