floxif | d413dd9f85be7b8deade225857b23286f739b0d406c71e9648ad4417dc403243 | Triage

Submit
Reports

Overview

overview

Static

static

d413dd9f85...3N.dll

windows7-x64

8

d413dd9f85...3N.dll

windows10-2004-x64

5

Sharing

General

Target

d413dd9f85be7b8deade225857b23286f739b0d406c71e9648ad4417dc403243N
Size

76KB
Sample

241012-2fv8gsyhlr
MD5

4defc2fa1df8948413d1768b13eccc90
SHA1

c82e08f2f2d92cc76c0f416461e55214f54c3627
SHA256

d413dd9f85be7b8deade225857b23286f739b0d406c71e9648ad4417dc403243
SHA512

1730603bc5d573ba301dbaa0e84f3dfa814fbe3942cded2678302b9a2937689194217fa152b9ed308303f1ab25425a2e1432a26092b9513c47616b705a7b1602
SSDEEP

1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk7ZzmwmCdKbJBuN:c8y93KQjy7G55riF1cMo03Fm4KbJa

Score

10^/10

floxif backdoor discovery persistence privilege_escalation upx

Static task

static1

backdoor upx floxif

5 signatures

Behavioral task

behavioral1

Sample

d413dd9f85be7b8deade225857b23286f739b0d406c71e9648ad4417dc403243N.dll

Resource

win7-20240903-en

discovery persistence privilege_escalation upx

windows7-x64

6 signatures

120 seconds

Behavioral task

behavioral2

Sample

d413dd9f85be7b8deade225857b23286f739b0d406c71e9648ad4417dc403243N.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

5 signatures

120 seconds

Malware Config

Targets

- Target
  
  d413dd9f85be7b8deade225857b23286f739b0d406c71e9648ad4417dc403243N
- Size
  
  76KB
- MD5
  
  4defc2fa1df8948413d1768b13eccc90
- SHA1
  
  c82e08f2f2d92cc76c0f416461e55214f54c3627
- SHA256
  
  d413dd9f85be7b8deade225857b23286f739b0d406c71e9648ad4417dc403243
- SHA512
  
  1730603bc5d573ba301dbaa0e84f3dfa814fbe3942cded2678302b9a2937689194217fa152b9ed308303f1ab25425a2e1432a26092b9513c47616b705a7b1602
- SSDEEP
  
  1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk7ZzmwmCdKbJBuN:c8y93KQjy7G55riF1cMo03Fm4KbJa
Score

8^/10

discovery persistence privilege_escalation upx
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoorupxfloxif

behavioral1

discoverypersistenceprivilege_escalationupx

behavioral2

© 2018-2025

Terms | Privacy