General
-
Target
2024-12-13_e6e7d3f40cab7d32fd1309adfb9d0465_floxif_magniber
-
Size
11.9MB
-
Sample
241213-asvc6sspet
-
MD5
e6e7d3f40cab7d32fd1309adfb9d0465
-
SHA1
3be0049108a61624c048f51389f601ce8d9f65d1
-
SHA256
70d11ee41d02c57443e0ca7395d191abf9747c8d39f19b8e6ba2696f763015f1
-
SHA512
a35c12d180d783b585b53eb312cf0aa06f044f6a550c35978464133d68b25cd98a1e287b07e2c183077dfea7b4afde2b954aef91b63c5092c72efa2f69d7a7b5
-
SSDEEP
196608:h+XXXaRbXeZ0f1vwnFzOSoQ33snJuokGef62:h+6RbuqtvwnFWD2
Malware Config
Targets
-
-
Target
2024-12-13_e6e7d3f40cab7d32fd1309adfb9d0465_floxif_magniber
-
Size
11.9MB
-
MD5
e6e7d3f40cab7d32fd1309adfb9d0465
-
SHA1
3be0049108a61624c048f51389f601ce8d9f65d1
-
SHA256
70d11ee41d02c57443e0ca7395d191abf9747c8d39f19b8e6ba2696f763015f1
-
SHA512
a35c12d180d783b585b53eb312cf0aa06f044f6a550c35978464133d68b25cd98a1e287b07e2c183077dfea7b4afde2b954aef91b63c5092c72efa2f69d7a7b5
-
SSDEEP
196608:h+XXXaRbXeZ0f1vwnFzOSoQ33snJuokGef62:h+6RbuqtvwnFWD2
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-