Overview

overview

10

Static

static

1

2024-12-17...ia.exe

windows7-x64

10

2024-12-17...ia.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-17_15afc4a384d51f9cd69e728e715da4eb_floxif_hijackloader_mafia

  • Size

    2.7MB

  • Sample

    241217-plcbcayqaz

  • MD5

    15afc4a384d51f9cd69e728e715da4eb

  • SHA1

    de5176a4774ef68bb28e8eb6cf792f199fe2ecab

  • SHA256

    dce4da8fb6b146bdc9de22f4ea1ec034fb1854ad4295ceee8450911dee283ac3

  • SHA512

    2a2c31a523692687918f4b4aa92356c3cf47dfbacf4174a68aca5237084f2614c4d4dbd4d8c24d2f81c46e9f7c885dfcde4553446884b3ec0c2ed8fb102ebdca

  • SSDEEP

    49152:KaSofyDdWWqJXBhgmvQojZ2toFPVmyN8yrOR2RP2yYI1/7B5lcdtH9jR9W/KMZK2:LudEBhzQoMtoFPVmyN8yrOR2RO8N77lf

Score
10/10
floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

Malware Config

Targets

    • Target

      2024-12-17_15afc4a384d51f9cd69e728e715da4eb_floxif_hijackloader_mafia

    • Size

      2.7MB

    • MD5

      15afc4a384d51f9cd69e728e715da4eb

    • SHA1

      de5176a4774ef68bb28e8eb6cf792f199fe2ecab

    • SHA256

      dce4da8fb6b146bdc9de22f4ea1ec034fb1854ad4295ceee8450911dee283ac3

    • SHA512

      2a2c31a523692687918f4b4aa92356c3cf47dfbacf4174a68aca5237084f2614c4d4dbd4d8c24d2f81c46e9f7c885dfcde4553446884b3ec0c2ed8fb102ebdca

    • SSDEEP

      49152:KaSofyDdWWqJXBhgmvQojZ2toFPVmyN8yrOR2RP2yYI1/7B5lcdtH9jR9W/KMZK2:LudEBhzQoMtoFPVmyN8yrOR2RO8N77lf

    Score
    10/10
    floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

    • Floxif family

      floxif

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

      backdoortrojanfloxif

    • Detects Floxif payload

      backdoor

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

      persistenceprivilege_escalation

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks