floxif | b75764783acc03c3386e2c27a58f2629be2ffecdc04bb4a0e2570672c0005aec | Triage

Submit
Reports

Overview

overview

Static

static

1

b75764783a...ec.exe

windows7-x64

b75764783a...ec.exe

windows10-2004-x64

Sharing

General

Target

b75764783acc03c3386e2c27a58f2629be2ffecdc04bb4a0e2570672c0005aec
Size

2.7MB
Sample

241119-wwlq4azbnc
MD5

814b6ea832d866cc73f6eac4beea5ce2
SHA1

f150c9b039752b59da7fc344f5031ac9c530fdd8
SHA256

b75764783acc03c3386e2c27a58f2629be2ffecdc04bb4a0e2570672c0005aec
SHA512

49224842515e4a02db6560dab38c866f56cb3b3e378a3dc34d6715f7c02c7259f9bf91ce4109fe20d9a0f10efe814b8d6e260837eb04c8c84857b53a06d43e34
SSDEEP

49152:/FJi+7OytIt34Ehz1XdggLOkJAwYzlbFky7CYVmyoZEhaTnMtSYXkNg1:/FJi+ayqVdggLBAjln7CymyougMdn

Score

10^/10

floxif backdoor bootkit discovery persistence privilege_escalation trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b75764783acc03c3386e2c27a58f2629be2ffecdc04bb4a0e2570672c0005aec.exe

Resource

win7-20240903-en

floxif backdoor bootkit discovery persistence privilege_escalation trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b75764783acc03c3386e2c27a58f2629be2ffecdc04bb4a0e2570672c0005aec.exe

Resource

win10v2004-20241007-en

floxif backdoor bootkit discovery persistence trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  b75764783acc03c3386e2c27a58f2629be2ffecdc04bb4a0e2570672c0005aec
- Size
  
  2.7MB
- MD5
  
  814b6ea832d866cc73f6eac4beea5ce2
- SHA1
  
  f150c9b039752b59da7fc344f5031ac9c530fdd8
- SHA256
  
  b75764783acc03c3386e2c27a58f2629be2ffecdc04bb4a0e2570672c0005aec
- SHA512
  
  49224842515e4a02db6560dab38c866f56cb3b3e378a3dc34d6715f7c02c7259f9bf91ce4109fe20d9a0f10efe814b8d6e260837eb04c8c84857b53a06d43e34
- SSDEEP
  
  49152:/FJi+7OytIt34Ehz1XdggLOkJAwYzlbFky7CYVmyoZEhaTnMtSYXkNg1:/FJi+ayqVdggLBAjln7CymyougMdn
Score

10^/10

floxif backdoor bootkit discovery persistence privilege_escalation trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Pre-OS Boot

Bootkit

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoorbootkitdiscoverypersistenceprivilege_escalationtrojanupx

behavioral2

floxifbackdoorbootkitdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy