General
-
Target
2024-10-17_81b0ffbb11e8b6a32316bc76ade1e6c8_floxif_mafia
-
Size
1.9MB
-
Sample
241017-pswzbsxelg
-
MD5
81b0ffbb11e8b6a32316bc76ade1e6c8
-
SHA1
3c8d29a5ca8d2e26cd01062317d6d6470d82c9c2
-
SHA256
d2ea98325c941c4052a485c7d078a2c4a46b33f1f3815b59339c6a3b0f5f7b17
-
SHA512
b820366f2f4039d77d8b6c38c3957406c73ac57e55e5cdb5a72b024c6958ba38a573ee70b176dd0f8579203192a4c94c6bc9bf6417393d7860391ff3e2d5d718
-
SSDEEP
49152:WWpQTW3vYptbUE0QI662K8E11Jkc/ookTD79C6A4tVxckwD9:6ptbUE0Qw2K51Jkc/ooYk45xm
Malware Config
Targets
-
-
Target
2024-10-17_81b0ffbb11e8b6a32316bc76ade1e6c8_floxif_mafia
-
Size
1.9MB
-
MD5
81b0ffbb11e8b6a32316bc76ade1e6c8
-
SHA1
3c8d29a5ca8d2e26cd01062317d6d6470d82c9c2
-
SHA256
d2ea98325c941c4052a485c7d078a2c4a46b33f1f3815b59339c6a3b0f5f7b17
-
SHA512
b820366f2f4039d77d8b6c38c3957406c73ac57e55e5cdb5a72b024c6958ba38a573ee70b176dd0f8579203192a4c94c6bc9bf6417393d7860391ff3e2d5d718
-
SSDEEP
49152:WWpQTW3vYptbUE0QI662K8E11Jkc/ookTD79C6A4tVxckwD9:6ptbUE0Qw2K51Jkc/ooYk45xm
Score10/10-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-