floxif | d4280f4d3a5b55db372dbf46200db3cf9afb851aaa7c4961376cc877d1f45bdd | Triage

Submit
Reports

Overview

overview

Static

static

3

d4280f4d3a...dd.exe

windows7-x64

d4280f4d3a...dd.exe

windows10-2004-x64

Sharing

General

Target

d4280f4d3a5b55db372dbf46200db3cf9afb851aaa7c4961376cc877d1f45bdd
Size

4.7MB
Sample

241211-esrdqswlgy
MD5

d3b99efd2be70b804ab187899b8ea8a2
SHA1

5a50287619cbdb06c923a2e0e59b130c92435972
SHA256

d4280f4d3a5b55db372dbf46200db3cf9afb851aaa7c4961376cc877d1f45bdd
SHA512

1be63a37e4cc331c8bfe1bd6ef5fa937205f8b7b0c36ce2d60c4fc322703c3c32a20d73afd195cf63ce79f3088c13e559bfb0eaff9baf526d88a71a5ec95bd48
SSDEEP

49152:tWKGNq7FBhpRWa3viMRIcDdxw6dXF3W1QrL1UDq3P8mlp4DOXUx4:zGejpRWafEkRW6OHmrZX5

Score

10^/10

floxif backdoor discovery evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d4280f4d3a5b55db372dbf46200db3cf9afb851aaa7c4961376cc877d1f45bdd.exe

Resource

win7-20240903-en

floxif backdoor discovery evasion persistence trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

d4280f4d3a5b55db372dbf46200db3cf9afb851aaa7c4961376cc877d1f45bdd.exe

Resource

win10v2004-20241007-en

floxif backdoor discovery evasion persistence trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  d4280f4d3a5b55db372dbf46200db3cf9afb851aaa7c4961376cc877d1f45bdd
- Size
  
  4.7MB
- MD5
  
  d3b99efd2be70b804ab187899b8ea8a2
- SHA1
  
  5a50287619cbdb06c923a2e0e59b130c92435972
- SHA256
  
  d4280f4d3a5b55db372dbf46200db3cf9afb851aaa7c4961376cc877d1f45bdd
- SHA512
  
  1be63a37e4cc331c8bfe1bd6ef5fa937205f8b7b0c36ce2d60c4fc322703c3c32a20d73afd195cf63ce79f3088c13e559bfb0eaff9baf526d88a71a5ec95bd48
- SSDEEP
  
  49152:tWKGNq7FBhpRWa3viMRIcDdxw6dXF3W1QrL1UDq3P8mlp4DOXUx4:zGejpRWafEkRW6OHmrZX5
Score

10^/10

floxif backdoor discovery evasion persistence trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Detects Floxif payload
  backdoor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoveryevasionpersistencetrojanupx

behavioral2

floxifbackdoordiscoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy