General
Target: 52948a92ee6e1930a05bd676f7dd1febaf9790ceeed0c9a9ebfcbfab16ef0925N.exe
Size: 1.2MB
Sample: 241215-2ddwessjcj
MD5: 9f2b804477147f9ab6782b153bac4070
SHA1: e8ee1cac13fbb764f2bed7be7db669e90dafc18f
SHA256: 52948a92ee6e1930a05bd676f7dd1febaf9790ceeed0c9a9ebfcbfab16ef0925
SHA512: 309d2f0b4cdcbac745ba60f8f575d2ce6bb11c9d3f0f96610095c21031c934e7f10d9ac4b211bc19b5744646f1ef46f479e6d6c12ea31b73fb944b4e3efcff86
SSDEEP: 24576:hMbrn/kG9Pwrn/POzMQGEvGH3RDDtAi1PDxwQo79mRUwbSlcfSgQ+n81lMRGJ/qU:hmrn/x9Pwrn/POzMQGEvGHtDtN1dwQX4
Static task: static1
Behavioral task: behavioral1
Sample: 52948a92ee6e1930a05bd676f7dd1febaf9790ceeed0c9a9ebfcbfab16ef0925N.exe
Resource: win7-20241010-en
Malware Config
Targets
Signatures
Floxif family
Modifies WinLogon for persistence
Detects Floxif payload
ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
Executes dropped EXE
Loads dropped DLL
Drops desktop.ini file(s)
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Winlogon Helper DLL (1)
Pre-OS Boot (1)
Bootkit (1)