General
-
Target
2024-12-11_aec4b68ffac39a68dced030a07bfde7f_floxif_icedid
-
Size
4.0MB
-
Sample
241211-z7bbaatjhr
-
MD5
aec4b68ffac39a68dced030a07bfde7f
-
SHA1
4360289f45f613e38e9e1f24f21ccf829e9b5762
-
SHA256
59e2872672c858df6dcfb606109c1e95ac0d8333580fc5600156965c8abd2ad1
-
SHA512
0544706701d10337ed4f74e2573dc82973d0e5343c53018ce7c688d97b041f0f40b18087322d619cc6ac9615b7bd26c365ee74caea6eb8f4a7706d99c0cb623e
-
SSDEEP
98304:YhJXr+RrhCBP8TWfAGRke/1iACNdCNRPK2b8TP:YzXixkBPAWlRkeYdChu
Malware Config
Targets
-
-
Target
2024-12-11_aec4b68ffac39a68dced030a07bfde7f_floxif_icedid
-
Size
4.0MB
-
MD5
aec4b68ffac39a68dced030a07bfde7f
-
SHA1
4360289f45f613e38e9e1f24f21ccf829e9b5762
-
SHA256
59e2872672c858df6dcfb606109c1e95ac0d8333580fc5600156965c8abd2ad1
-
SHA512
0544706701d10337ed4f74e2573dc82973d0e5343c53018ce7c688d97b041f0f40b18087322d619cc6ac9615b7bd26c365ee74caea6eb8f4a7706d99c0cb623e
-
SSDEEP
98304:YhJXr+RrhCBP8TWfAGRke/1iACNdCNRPK2b8TP:YzXixkBPAWlRkeYdChu
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1