General

  • Target

    2024-10-30_9156107a758a59b5d2cf01c26629714b_floxif_hijackloader_icedid

  • Size

    2.1MB

  • Sample

    241030-xkmdxs1jhq

  • MD5

    9156107a758a59b5d2cf01c26629714b

  • SHA1

    abf7503327431f85b0032ec643e3a49c7ecd5422

  • SHA256

    00595e0ef98a5d7c7d2116b30f780d0f8d0481fbd86ada87067be6eb8dcfb3c7

  • SHA512

    f6f74e1b09ad0ed1b36881eecdec6ba2b2f21950911afedbff131571670882f4a672235f725ac31bccfb316f92d025fd7e49aea404654891eaae33059654fa74

  • SSDEEP

    49152:V8PsZNCHFOAxh5ofQtfxaPZXbuo3j5XpC:uPsZuFOAJfxaPhbuo3j5XpC

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks