General

  • Target

    2024-11-09_b2ff0700c86199e827c45457414272c8_floxif_mafia

  • Size

    1.8MB

  • Sample

    241109-pskajatles

  • MD5

    b2ff0700c86199e827c45457414272c8

  • SHA1

    d64358c41cc307b5c36b22480a0d430b141c8165

  • SHA256

    87da26223be803be1412d1c760c4f970bc65f63fc4ee601c7cf4a4df59a442db

  • SHA512

    42583be1f1c938a1e8b423e456f871cad168c88e10e2d8d62abdab7a4b27a58545c3b9f6f69710a454d0d63a979ea6e100593d8335a95e83dbc100ebc8b80276

  • SSDEEP

    49152:x2Werc0sI1Ng0pioX/wVQm++SMmxnvkwsrz+ehmLMg2STFL+mj:x2c0s4/i2wVQm++SMYnvyzALMg24L+G

Malware Config

Targets

    • Target

      2024-11-09_b2ff0700c86199e827c45457414272c8_floxif_mafia

    • Size

      1.8MB

    • MD5

      b2ff0700c86199e827c45457414272c8

    • SHA1

      d64358c41cc307b5c36b22480a0d430b141c8165

    • SHA256

      87da26223be803be1412d1c760c4f970bc65f63fc4ee601c7cf4a4df59a442db

    • SHA512

      42583be1f1c938a1e8b423e456f871cad168c88e10e2d8d62abdab7a4b27a58545c3b9f6f69710a454d0d63a979ea6e100593d8335a95e83dbc100ebc8b80276

    • SSDEEP

      49152:x2Werc0sI1Ng0pioX/wVQm++SMmxnvkwsrz+ehmLMg2STFL+mj:x2c0s4/i2wVQm++SMYnvyzALMg24L+G

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • A potential corporate email address has been identified in the URL: [email protected]

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks