floxif | 771e1c6068ea8571bb2e4c17ffedc2523451b6164b66dde2bd8a64b5712f6db6

General

Target

771e1c6068ea8571bb2e4c17ffedc2523451b6164b66dde2bd8a64b5712f6db6N.exe
Size

197KB
Sample

241216-as62zawpdr
MD5

e8846ce060729b155781d7aac0349e80
SHA1

ef8ce68da61a3febcb798a76c4f163a01eab4072
SHA256

771e1c6068ea8571bb2e4c17ffedc2523451b6164b66dde2bd8a64b5712f6db6
SHA512

3ab8d62ced5ce640941d2039dea8dbef478ef51b589e7757136d0476eb5fcc8cccb3f5d4263a3f1452238eabf65a5330e2ddbe38e02c9c9c46c17a198f3d5066
SSDEEP

6144:T2VB0SLpXGu6cgEwT6+gXEwT6+gXkEBV+UdvrEFp7hK38L:iVB0SsX1S5EBjvrEH7eg

Score

10^/10

Malware Config

Targets

- Target
  
  771e1c6068ea8571bb2e4c17ffedc2523451b6164b66dde2bd8a64b5712f6db6N.exe
- Size
  
  197KB
- MD5
  
  e8846ce060729b155781d7aac0349e80
- SHA1
  
  ef8ce68da61a3febcb798a76c4f163a01eab4072
- SHA256
  
  771e1c6068ea8571bb2e4c17ffedc2523451b6164b66dde2bd8a64b5712f6db6
- SHA512
  
  3ab8d62ced5ce640941d2039dea8dbef478ef51b589e7757136d0476eb5fcc8cccb3f5d4263a3f1452238eabf65a5330e2ddbe38e02c9c9c46c17a198f3d5066
- SSDEEP
  
  6144:T2VB0SLpXGu6cgEwT6+gXEwT6+gXkEBV+UdvrEFp7hK38L:iVB0SsX1S5EBjvrEH7eg
Score

10^/10

floxif backdoor discovery trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Floxif family

Floxif, Floodfix

Detects Floxif payload

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2