General
-
Target
2024-12-11_5632a49f9d368cd4956eece3dfbf9518_floxif_mafia
-
Size
1.8MB
-
Sample
241211-w1tbqstmdz
-
MD5
5632a49f9d368cd4956eece3dfbf9518
-
SHA1
bd7111c71e51c16a17bc16353f04a2e8aa4f62cc
-
SHA256
e557779ae211b7e68ac1e3b1a2858e6b3720d8cfe7e8faf3cd53df763422d5fc
-
SHA512
3439613688b5dfac86121a8a70f3160e736da6ccb8594e6f32778b665118864228caeb937af285c0b32c41f5909445fef6c2cd3c075a49c90a27716840e10092
-
SSDEEP
49152:opEYgw15kZV2HXsMnmjEREseBSsxHnfXsrHYihYiVi5:65YuYV
Malware Config
Targets
-
-
Target
2024-12-11_5632a49f9d368cd4956eece3dfbf9518_floxif_mafia
-
Size
1.8MB
-
MD5
5632a49f9d368cd4956eece3dfbf9518
-
SHA1
bd7111c71e51c16a17bc16353f04a2e8aa4f62cc
-
SHA256
e557779ae211b7e68ac1e3b1a2858e6b3720d8cfe7e8faf3cd53df763422d5fc
-
SHA512
3439613688b5dfac86121a8a70f3160e736da6ccb8594e6f32778b665118864228caeb937af285c0b32c41f5909445fef6c2cd3c075a49c90a27716840e10092
-
SSDEEP
49152:opEYgw15kZV2HXsMnmjEREseBSsxHnfXsrHYihYiVi5:65YuYV
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Drops file in Drivers directory
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-