Overview

overview

10

Static

static

6

SamFlash.exe

windows7-x64

3

SamFlash.exe

windows10-2004-x64

3

data/AdbWinApi.dll

windows7-x64

3

data/AdbWinApi.dll

windows10-2004-x64

3

data/AdbWinUsbApi.dll

windows7-x64

3

data/AdbWinUsbApi.dll

windows10-2004-x64

3

data/adb.exe

windows7-x64

3

data/adb.exe

windows10-2004-x64

3

data/cam.apk

android-9-x86

data/cam.apk

android-10-x64

data/cam.apk

android-11-x64

data/com.apk

android-9-x86

data/com.apk

android-10-x64

data/fastboot.exe

windows7-x64

3

data/fastboot.exe

windows10-2004-x64

3

data/frp.bin

debian-12-armhf

1

data/libus...er.exe

windows7-x64

1

data/libus...er.exe

windows10-2004-x64

1

data/libus...b0.dll

windows7-x64

1

data/libus...b0.dll

windows10-2004-x64

1

data/libus...b0.sys

windows7-x64

1

data/libus...b0.sys

windows10-2004-x64

1

data/libus...er.exe

windows7-x64

3

data/libus...er.exe

windows10-2004-x64

3

data/libus...b0.sys

windows7-x64

1

data/libus...b0.sys

windows10-2004-x64

1

data/libus...86.dll

windows7-x64

10

data/libus...86.dll

windows10-2004-x64

10

data/loade...9c.bin

debian-12-armhf

data/loade...9e.bin

debian-12-armhf

1

data/loade...50.bin

debian-9-armhf

1

data/loade...15.bin

debian-9-armhf

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    .crdownload

  • Size

    46.2MB

  • Sample

    241209-rvkeesvrfn

  • MD5

    b77b39c881c3d159a5041db48702e262

  • SHA1

    e68446ff24594389894725f78948cc9168f25c75

  • SHA256

    bf791a2f43ce7856ad76c87f06cb323735a92acb1a4f17f4c5a6ea93a973ab19

  • SHA512

    63e92c2125fcab10e1087e1980fb9b063317a258461ee858259e0fe596c7cffe3a98e3087e1084ae8bf46cba7265ea20e395e952977cea45f9d41cc4d86f1de6

  • SSDEEP

    786432:IlyHWMO4ropTMjB3FcNEwJ/eEyTEwSTbz8Hq5gfC3zLIdLSVqRpvzMEoAelLXgkD:IkU4rox2BmEaeEyNSTboq2ogrvz90l8m

Score
10/10
floxifandroidbackdoordiscoverytrojanupx

Malware Config

Targets

    • Target

      SamFlash.exe

    • Size

      40.1MB

    • MD5

      f12dbf95da6430daca5896cbf5f4d26d

    • SHA1

      42ff929901a144495657f6103796292318173555

    • SHA256

      66af486c43f75e1bb7951457dbb173b56bb48a03179cf2ea05820981737494f3

    • SHA512

      020e310a2148ad206b44ddc6cf89d2b6a38d8da31a63bac403d9aa00ea388e4e2354d4e0b586dadace7031a11ab5f0b54a09e54c5cb26512b5765bed3bdd5ef6

    • SSDEEP

      786432:WJgcU5/BFm0ErjlqaxBKiZhOmXtSM8OLaZr6B+M5rvPWdv4BNT:1c8BFmxjlq4KeV216BZxPk

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      data/AdbWinApi.dll

    • Size

      105KB

    • MD5

      819e3e651ac7f490eb1500e0df246c3e

    • SHA1

      e4948268e2b3974d1728fe474195df011c380f45

    • SHA256

      fd96c88a315ba271018c0b54e7d696aba16d6bac132d9afc49b60cb14e4a822c

    • SHA512

      912da4212dc22adcb878c8b34ab7970a15878d7398643e8bbd3f6682d85fa5364f52a0e471d0c3299ad30fece47fba29a75ed5c83529fec3931343e34eba7fd0

    • SSDEEP

      1536:Dwqdq+3pvspmLh8SCykrpTG7kfGHuNezq02XJqo+iFi1yCPN7jBx:DwqD3L8Tezq0et+ui1yE

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      data/AdbWinUsbApi.dll

    • Size

      71KB

    • MD5

      414d7ff85d3707752cb5df159e81273b

    • SHA1

      5c944ccae169d2b52d5442d0169fe6f2be7611a1

    • SHA256

      25bb8b33eeb702b340defcf078eb249420c885b8f4fedfc3fc56ada66bcdbc14

    • SHA512

      af2039ec528597adccf1268185d5e1686d2a276102197c3d028abf9167bc10d1d1b22b862f93bd880cf75ae2c2f6c5d0c862384f8be74008d468e69e21a019fb

    • SSDEEP

      1536:572doFmOiHizFbPlspcsbj5ZsP+YeTs1pc75ZxQ:5SSfN9+YeTs1pcFI

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      data/adb.exe

    • Size

      5.6MB

    • MD5

      1eb885c863d208e330e3a961849322eb

    • SHA1

      cf909df4d928aa9053e2817fa10232880b56ca55

    • SHA256

      e1657ca239bcf53f60dd622a8476d51b8df3c2a3169f7b6082142942560627ed

    • SHA512

      d5a72e2aa0170d3fa41dd968a5f5e70a568c53d5449fbd0788ad016da0b6e1f1caa2c45cfdd7fdcf0a23205150e6578d25ed215b313de8dcbdae1b3a2e67bce4

    • SSDEEP

      49152:HgOAiiYyqR/bydBcqWHQqCcTuXK1IgNyyPzbrQRRKQjO0pGIaXKmBWDrGZYAYa+H:Ann2+Bcp7uWhYHI0FGGVwtCdW2

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      data/cam.apk

    • Size

      7.7MB

    • MD5

      a8c5b0d86b8dd513bd20f5b9a9606882

    • SHA1

      bde5786b680a755aabe94f6ad3b17fa8f97f0432

    • SHA256

      fe854c096ae40097e867272ebac8c77c03662b361dd9c2f97223378e1ef443b1

    • SHA512

      49a7224c0f075e9c0b8b25f08904aa060a6c731eca5e57197f87fa29ba5bd62e3fc0f3bde7f9b773aaf8b7ff7cd4bd6f169a6fb0733347487f961efce09c9035

    • SSDEEP

      49152:3hJpR+H2tGU6RjmeHbrrDgAG3i75CBLL47/Rm1U2NHcANa5yiS/ojZrjHLV5ut50:3hJpR+HIGUeHbrjh5sXSWa5ZfLfgnjM

    Score
    1/10
    behavioral10behavioral11behavioral9

    • Target

      data/com.apk

    • Size

      427KB

    • MD5

      8ea07466489e3346d473292b1167f1a8

    • SHA1

      b452d845a2464a9d9f51434cec472bbe51cb12d0

    • SHA256

      0230ac76554c86822131b8b1c63f8c4e125d6f2aa28319e890bb383167e30b92

    • SHA512

      d6ecd60f1a6034104e01da98d68683a4dac373871dba4f70fa3b60b76f656a602da26743c6dd9159ab02dc05080fa451d3cfa57c4eb12c32fbc6972d67b6b0be

    • SSDEEP

      12288:dh3+GQh3j+MMGFeuEpo5yf3nFha1UyDCxhSUyf+E1A9X:dh3+GQhKsapECXSUYb1oX

    Score
    1/10
    behavioral12behavioral13

    • Target

      data/fastboot.exe

    • Size

      1.7MB

    • MD5

      07e74ee8a79ce693b3925737fee89629

    • SHA1

      2be35f19051d2f477ef568241258c706f366bfef

    • SHA256

      9b9281147b9a79ef7e28b9d6856771933fc08debb33861ce298b3eb9c21715b9

    • SHA512

      2011d338c8e8be770a81252570321a0da4291fbb78877ea1d59f0609ca12cbd6d31a18accabe57348dd42597e27cc3e310f547c9bdad251028a51cd88cc26639

    • SSDEEP

      49152:Wv8A9F7dcKJs4EyIUxqCckbu6MBn3E/c+t3fhxl:Wps4EyJHb88cMl

    Score
    3/10
    discovery
    behavioral14behavioral15

    • Target

      data/frp.bin

    • Size

      10KB

    • MD5

      e4276f6d395264b80b73d91ea4ae7f3f

    • SHA1

      8ef89c5bc7cbeb665ce942a9a779c438cc98925c

    • SHA256

      e8a17a001d62039b8cbb579e5423d3cd699d933e8ba60b437a0b654681c62f4c

    • SHA512

      df9aa823cb3900b91a492c31f806900ce6d0ea01a86746b130a7b928127bf41cfcac8e67ca1eeb0a4aa221b64b9ca99623e5b101ca25fb2271667c04abda7135

    • SSDEEP

      192:bTwzhl8au4RAnZSSaLZoQwrzoKUZsBm70kbZYqX8uhXK7CpAcpW191Po0JpCQc5:aHu4wZb1oKF2Jdha7CprpW195o+9c5

    Score
    1/10
    behavioral16

    • Target

      data/libusb/x64/install-filter.exe

    • Size

      43KB

    • MD5

      a16f041c87529221c86e16124c7e9add

    • SHA1

      e4933d7fc395b397db9aba78b05a2a490622c7e5

    • SHA256

      df2abf387893332f28c4df68b10a6b176dc9706142055dccccf447f5a9cede2d

    • SHA512

      972eb4a6cf96692ae0ad43b42a6d418406aad5539451b4e24e564b89a347a9fc8ee5572d9b876d9de7b72192ba70aa114e8de9d721b37af9c169503aaef611e9

    • SSDEEP

      768:9NutDn4dFG2wgAVZ8xFxnR0JG/3V/y75cg3AmQbT4gOcB4DrTer3np:9Qt7yF9w0nR0JG/ACg3o34gv6nQ

    Score
    1/10
    behavioral17behavioral18

    • Target

      data/libusb/x64/libusb0.dll

    • Size

      74KB

    • MD5

      1d8215f7f8cd02a553499b534ccfb4d5

    • SHA1

      bab236f840f1521c43bcbaa2a7b92f14f329bc70

    • SHA256

      4f18b5d2c28aa66b648c8683c6d09b52b92cbbee85984bbefad5f38a64bc2a14

    • SHA512

      79ef4b25f16b2f2f37605298470ba9c4600e724e4b52d589add7d48816f656b93c082b5c65669e50e0546865063a068d26390e6ec7fbab66c3726e49a3779d69

    • SSDEEP

      1536:4Z4LV/bEtayHescyznkmrCvsgAM0vtPJZ9ivaaC+ziia3:4ZCxbEtayHpnkOBMmtPJzivaIO

    Score
    1/10
    behavioral19behavioral20

    • Target

      data/libusb/x64/libusb0.sys

    • Size

      51KB

    • MD5

      16e18ced459b1824234890386ee66cd5

    • SHA1

      81d2b572ec0d24aba11ed6bfa9174ffad54140b7

    • SHA256

      8058f2afe6ef96a7d2ded432997fd8655970c9ea75a938ee4557d6a2cb4cc989

    • SHA512

      b0e67d040d39f043305b0c172906bbea8341f1326108f5c5a0379cd6b287d62cbd86270385713d0f6a14c5106a5a6c23f6247a303e6124cb3e33982978505c98

    • SSDEEP

      768:HFXl2LF1UHgnnhe8178WtnYhD+icqO3cp3RtR7QnC+ziX7BE:yConbt8wifuQRtR7QnC+zirBE

    Score
    1/10
    behavioral21behavioral22

    • Target

      data/libusb/x86/install-filter.exe

    • Size

      45KB

    • MD5

      1a534450750eca1f3d951def8d9965bf

    • SHA1

      7dd82b6d52a840c4979a7515fc7a9ca3725363c4

    • SHA256

      5e84d13636fbce7869cddc8b20c7d83fa0063e98c319e8e5ab751edc9ee1da76

    • SHA512

      3acdfff24a4d9ebb4e9647afccf95f33b4580980fb35a91eff65a01ce470b0bbc1a3a27c476653911f1fa431757ca64c945da89da54bffa599744f29123ef715

    • SSDEEP

      768:Necy9908dqax/5FdC72/WkFkwUEihlLBHCnp+KCI:Ucy9Pn/LdnFFlUEulEl

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      data/libusb/x86/libusb0.sys

    • Size

      41KB

    • MD5

      c8c9800179af00c90629514e30873d80

    • SHA1

      9438573aee178c68f49bfa5ad71132d06c4dfa9b

    • SHA256

      aa7d75a4d01b405aab7c848674bbed392b64c6e374e20fd72adc3c96294e2f00

    • SHA512

      1db533b4ed8e4ae2ff55ef8b93b9186e30f8711e91bf07051c70423bac76d8ef29ebe578483029f83dcb619f94fd8abf453aab78328a876fc88188671be522c2

    • SSDEEP

      768:Wlqi7sKYNXhDedEP4ofzGTdJ0q7KC+ziB9Kds:yZQlem4Qemq+C+ziBkds

    Score
    1/10
    behavioral25behavioral26

    • Target

      data/libusb/x86/libusb0_x86.dll

    • Size

      142KB

    • MD5

      8145fa60f4a03ebea156df68f8c6f948

    • SHA1

      3cf02457805ea647bd6153bc7401521a94eacc5f

    • SHA256

      4eeabdd57ca7b7028e3981c43fb92494f93c752c2032cf33e0ec9da01e3e4a9a

    • SHA512

      ea9c6c28a7ca5d112ab12f437495c079ab25243cf33d86098ea34683ac6d7a270dce8df5371ae9208c25917d2e249c7cb2584f95ea1f2442fba92e1673ec30cf

    • SSDEEP

      3072:jzwLjtSIiRsjNh5IlmBA2lQBV+UdE+rECWp7hKh2Pqt1o:jS0nREAKOBV+UdvrEFp7hKsD

    Score
    10/10
    floxifbackdoordiscoverytrojanupx

    • Floxif family

      floxif

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

      backdoortrojanfloxif

    • Detects Floxif payload

      backdoor

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral27behavioral28

    • Target

      data/loader/079fc51e57460e4ea9ccc9c98d08ee4728a1109c.bin

    • Size

      448KB

    • MD5

      406421add08d335160de789bb1a5d100

    • SHA1

      f80740128f535728a749ad77096e818efe6c80a2

    • SHA256

      05ac3fce76dbd7617d85b47cf322b75d6362ef1ffeb896639ed8b23fc0c11ce5

    • SHA512

      68f22079001eadbf2626e472976ab49a09ec9ca48a5323cc462e8a80362aaff8ccd88428ef06a52d409813f002392d0c08321949bd3fd0288de0f919dba1c153

    • SSDEEP

      12288:E3HwGIRSEV2BXOg9QmNl50naC1bhxkVSaSoPV34TFW9:/SEV2jL2kxSmW

    Score
    1/10
    behavioral29

    • Target

      data/loader/27f620d71722f964eb2ccc1c0fb7fcbd48d4e79e.bin

    • Size

      432KB

    • MD5

      26120c829cbd2c34fdd9a6cc3e5780ca

    • SHA1

      cc58ac017ebfed55795733c106e7c6c89ff48f0e

    • SHA256

      9aec3e68331a3cd230ddf878a5a322e4c85812a6f4982b8ec86df5207c2c6eb6

    • SHA512

      6daed2a3a1b07638989bdd45ad76f9c2a8c63a3b10fd12e3dcb7f4a5bdc98de6c0e3be8f81a9db557470f0cd8e605541714dae718510da447fe3ea13cd226de4

    • SSDEEP

      12288:xUSYLmBP+dNE34/DlLDCM11rIFDHGyYThW99:odNEehV1BIhHzu

    Score
    1/10
    behavioral30

    • Target

      data/loader/48a2c64ef41761a8d84c9b14b44c5a437f5c2250.bin

    • Size

      432KB

    • MD5

      bdde18137c9684cdf77381f66dbb803a

    • SHA1

      9ac5c94fd3e9eb853e738298e707053976e68c19

    • SHA256

      5c41d24178e1c8f5cafd29789b2391d97966c0f12cceccf07c087e6ca7c38cc3

    • SHA512

      76fa41c5d7a4d9c4432d674870e5e143892daffe971a9ba289b949a99a9ad768a50afe0484ba62700cc55a99e80c5bb298a3fe772959938680da76a011ce3318

    • SSDEEP

      12288:GUSYLmBPiBNE34/DlLDCM100gWIP2yYTPW9f:VBNEehV1Bg3PDo

    Score
    1/10
    behavioral31

    • Target

      data/loader/4f2ee5147615362828d1e1c23b0a42c7de646515.bin

    • Size

      424KB

    • MD5

      e89c3cafe8e070d0bd9a83c4561a71de

    • SHA1

      539c196e28959066c2564a8e0a35db9a0fd72f60

    • SHA256

      824e97acaebdcc0b5661ea566d4b9c7d580749208230ed508b82512468fe3441

    • SHA512

      afd0673a845fdd37c24fb9ab50bf070f71c0ca7b17bd986234031c5b44dab5c7ce7f40767fc988e64a4b2e70cc93bf5d43b936904187390f5cb92790435aa239

    • SSDEEP

      12288:ZO4KKdnzySBaOKIQN5slyo0qyHSGuICcXnqeUJkW9:FzySkrsGvCJeJ

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
6/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

floxifbackdoordiscoverytrojanupx
Score
10/10

behavioral28

floxifbackdoordiscoverytrojanupx
Score
10/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10