General
-
Target
2024-11-19_5fca12b7faff6259afc76e05c4ecaf37_floxif_mafia
-
Size
2.5MB
-
Sample
241119-pngnvawhjl
-
MD5
5fca12b7faff6259afc76e05c4ecaf37
-
SHA1
af3998aeec0d2c3176c28208c2af6883fdff60c5
-
SHA256
b3d93c5b6915f2261ae965b734bb6e99c7b8ae00698be99e04dcdf66b03a353e
-
SHA512
a32bc9987b165021941bb8dc705f81a7713edad835b9a77d08a784dd4a9cff8e6492d46f20ec93280e27a7bb3c5d25ac89f7d2faaf47361893dd6e5ac4b72b5a
-
SSDEEP
49152:tuI+KKofs2hPd2l177BTK2VbDsar1YDjrY:tj1fs2hPIl1/3
Malware Config
Targets
-
-
Target
2024-11-19_5fca12b7faff6259afc76e05c4ecaf37_floxif_mafia
-
Size
2.5MB
-
MD5
5fca12b7faff6259afc76e05c4ecaf37
-
SHA1
af3998aeec0d2c3176c28208c2af6883fdff60c5
-
SHA256
b3d93c5b6915f2261ae965b734bb6e99c7b8ae00698be99e04dcdf66b03a353e
-
SHA512
a32bc9987b165021941bb8dc705f81a7713edad835b9a77d08a784dd4a9cff8e6492d46f20ec93280e27a7bb3c5d25ac89f7d2faaf47361893dd6e5ac4b72b5a
-
SSDEEP
49152:tuI+KKofs2hPd2l177BTK2VbDsar1YDjrY:tj1fs2hPIl1/3
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-