General
-
Target
2024-11-18_ef5ba3bc3fb34aaead3e53b685aee4eb_floxif_mafia
-
Size
2.1MB
-
Sample
241118-w95q5asdre
-
MD5
ef5ba3bc3fb34aaead3e53b685aee4eb
-
SHA1
a2e0e7a2dd7f3d3565c22f2d1f337205cc0f3272
-
SHA256
6199dbd28237908fcacc891f5234979a059a9b2b1a3865ca89e3a1af26f68c9c
-
SHA512
8989df861eea7a30657e86a7901441895b97d79b748ebea1ca1ab7f181f1fe29519bab210f95a3155d70a0e14cf983966d19bef7259b554acc6c954830001f35
-
SSDEEP
49152:WcbMF8906wpNrbOGsY/jGPHzsNk2uE2MKadjmYXNxiJUq0wwwWoA7xj/3sa2O6:H39068r6GsWyHzsNk2uE2MKaxmYdq0wb
Malware Config
Targets
-
-
Target
2024-11-18_ef5ba3bc3fb34aaead3e53b685aee4eb_floxif_mafia
-
Size
2.1MB
-
MD5
ef5ba3bc3fb34aaead3e53b685aee4eb
-
SHA1
a2e0e7a2dd7f3d3565c22f2d1f337205cc0f3272
-
SHA256
6199dbd28237908fcacc891f5234979a059a9b2b1a3865ca89e3a1af26f68c9c
-
SHA512
8989df861eea7a30657e86a7901441895b97d79b748ebea1ca1ab7f181f1fe29519bab210f95a3155d70a0e14cf983966d19bef7259b554acc6c954830001f35
-
SSDEEP
49152:WcbMF8906wpNrbOGsY/jGPHzsNk2uE2MKadjmYXNxiJUq0wwwWoA7xj/3sa2O6:H39068r6GsWyHzsNk2uE2MKaxmYdq0wb
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-