floxif | a6299240d8817978bde5a2985ee040734e4c8fc62f32a241481ab6dd1db604af

General

Target

a6299240d8817978bde5a2985ee040734e4c8fc62f32a241481ab6dd1db604afN.exe
Size

5.8MB
Sample

241216-14nmwa1qat
MD5

d32fed1e0d722c0981f748c89aa9e2d0
SHA1

3a500c6c28aea14da842d46dc0cf98193adf6afd
SHA256

a6299240d8817978bde5a2985ee040734e4c8fc62f32a241481ab6dd1db604af
SHA512

53809a5bf042378685b63c675a40d86caebfe2ac928e888b06f6922d8a6fcd823c41264843085c12213a0fd31865f163273b53b4f2261f5b4334cd8a45482284
SSDEEP

98304:NZAmLhPQYb9QORwlpvKjq6P4YqN18frP3wbzWFimaI7dlo8t:N/LhPQYRQmwlNQNgbzWFimaI7dlR

Score

10^/10

Malware Config

Targets

- Target
  
  a6299240d8817978bde5a2985ee040734e4c8fc62f32a241481ab6dd1db604afN.exe
- Size
  
  5.8MB
- MD5
  
  d32fed1e0d722c0981f748c89aa9e2d0
- SHA1
  
  3a500c6c28aea14da842d46dc0cf98193adf6afd
- SHA256
  
  a6299240d8817978bde5a2985ee040734e4c8fc62f32a241481ab6dd1db604af
- SHA512
  
  53809a5bf042378685b63c675a40d86caebfe2ac928e888b06f6922d8a6fcd823c41264843085c12213a0fd31865f163273b53b4f2261f5b4334cd8a45482284
- SSDEEP
  
  98304:NZAmLhPQYb9QORwlpvKjq6P4YqN18frP3wbzWFimaI7dlo8t:N/LhPQYRQmwlNQNgbzWFimaI7dlR
Score

10^/10

floxif adware backdoor discovery persistence phishing spyware stealer trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2