General
-
Target
2024-12-11_385783b2616c805e1cdb5ce163ac46e7_floxif_mafia
-
Size
4.4MB
-
Sample
241211-vxjsfsslas
-
MD5
385783b2616c805e1cdb5ce163ac46e7
-
SHA1
49b3115a3bdc151d3d6eb81ca3498c41ddb7d613
-
SHA256
29549889bafbcde265fbfe72c3ac5f7fe676961755562ed625c964e8e8417ead
-
SHA512
116b737862fedf19484caeff94ad02931c04c03b8fe3a34568e2b3da0641662229b47863e05a7b65a225c66a229471ab2e73e21156cfcc5d947f2c4f9f7fc42b
-
SSDEEP
98304:eQ43AbtIfBLLzDYqfPKtyU8xcbvnJVtVPmiMBew53cwxX8DMBsx/R+evsQ:eQ4UIf9SlbbDrPmiMMw5pxoPN
Malware Config
Targets
-
-
Target
2024-12-11_385783b2616c805e1cdb5ce163ac46e7_floxif_mafia
-
Size
4.4MB
-
MD5
385783b2616c805e1cdb5ce163ac46e7
-
SHA1
49b3115a3bdc151d3d6eb81ca3498c41ddb7d613
-
SHA256
29549889bafbcde265fbfe72c3ac5f7fe676961755562ed625c964e8e8417ead
-
SHA512
116b737862fedf19484caeff94ad02931c04c03b8fe3a34568e2b3da0641662229b47863e05a7b65a225c66a229471ab2e73e21156cfcc5d947f2c4f9f7fc42b
-
SSDEEP
98304:eQ43AbtIfBLLzDYqfPKtyU8xcbvnJVtVPmiMBew53cwxX8DMBsx/R+evsQ:eQ4UIf9SlbbDrPmiMMw5pxoPN
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-