floxif | cabe074c49b34398928c55ceab56d4b558e6e47d01e57018df8f4d6bc06bc49a | Triage

Submit
Reports

Overview

overview

Static

static

3

cabe074c49...aN.exe

windows7-x64

cabe074c49...aN.exe

windows10-2004-x64

Sharing

General

Target

cabe074c49b34398928c55ceab56d4b558e6e47d01e57018df8f4d6bc06bc49aN
Size

988KB
Sample

241101-wjqjhsvmhl
MD5

7bafeed79bd78d2ae2f0c66f8bbbc180
SHA1

6d9524219f3d985cc67f129f9dad0604d07f4ddc
SHA256

cabe074c49b34398928c55ceab56d4b558e6e47d01e57018df8f4d6bc06bc49a
SHA512

bdd4e21188a9c46204e06e8f305df1c21c0316d72d9fa53c308957df212be165d5ccf3136a6d3c4ca3630b4c37f33f199260f9499774e9f473449ba4d7755d08
SSDEEP

24576:KL36VBIl7dRmYM2whmmp0CEohfZWtoQHvAYnPs7oIUSrEH7t:KzTRmY2NZjYnPs7oP/

Score

10^/10

floxif backdoor discovery persistence privilege_escalation trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cabe074c49b34398928c55ceab56d4b558e6e47d01e57018df8f4d6bc06bc49aN.exe

Resource

win7-20240903-en

floxif backdoor discovery trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

cabe074c49b34398928c55ceab56d4b558e6e47d01e57018df8f4d6bc06bc49aN.exe

Resource

win10v2004-20241007-en

floxif backdoor discovery persistence privilege_escalation trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  cabe074c49b34398928c55ceab56d4b558e6e47d01e57018df8f4d6bc06bc49aN
- Size
  
  988KB
- MD5
  
  7bafeed79bd78d2ae2f0c66f8bbbc180
- SHA1
  
  6d9524219f3d985cc67f129f9dad0604d07f4ddc
- SHA256
  
  cabe074c49b34398928c55ceab56d4b558e6e47d01e57018df8f4d6bc06bc49a
- SHA512
  
  bdd4e21188a9c46204e06e8f305df1c21c0316d72d9fa53c308957df212be165d5ccf3136a6d3c4ca3630b4c37f33f199260f9499774e9f473449ba4d7755d08
- SSDEEP
  
  24576:KL36VBIl7dRmYM2whmmp0CEohfZWtoQHvAYnPs7oIUSrEH7t:KzTRmY2NZjYnPs7oP/
Score

10^/10

floxif backdoor discovery trojan upx persistence privilege_escalation
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoverytrojanupx

behavioral2

floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

© 2018-2024

Terms | Privacy