floxif | a39ad91fa7e488a5738da1d4cc058a4207d2797739cdd9f4d4a33709cc38cb52 | Triage

Submit
Reports

Overview

overview

Static

static

5

a39ad91fa7...2N.exe

windows7-x64

a39ad91fa7...2N.exe

windows10-2004-x64

Sharing

General

Target

a39ad91fa7e488a5738da1d4cc058a4207d2797739cdd9f4d4a33709cc38cb52N.exe
Size

888KB
Sample

241217-rj4nxs1mhy
MD5

d9c444cad1cd385154a50278c9120030
SHA1

1c631f1e2b6308d1f87eb05dfdc09b696d064524
SHA256

a39ad91fa7e488a5738da1d4cc058a4207d2797739cdd9f4d4a33709cc38cb52
SHA512

0ed3710bf609c1a70ee2426cdb78d23659823bf757a794040e9dabc0aa2ca8f569f9cedf59258296020fad846683d72ec11e7afec465f4d52fb07cc296ab365a
SSDEEP

12288:DpqAgC/2OGAtkCP4cejGSOpRK3CGYxBjvrEH7TS:DpX/2+ttPJLfpRK3CGYvrEH7TS

Score

10^/10

floxif backdoor discovery evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a39ad91fa7e488a5738da1d4cc058a4207d2797739cdd9f4d4a33709cc38cb52N.exe

Resource

win7-20240903-en

floxif backdoor discovery evasion persistence trojan upx

windows7-x64

21 signatures

120 seconds

Behavioral task

behavioral2

Sample

a39ad91fa7e488a5738da1d4cc058a4207d2797739cdd9f4d4a33709cc38cb52N.exe

Resource

win10v2004-20241007-en

floxif backdoor discovery evasion persistence trojan upx

windows10-2004-x64

21 signatures

120 seconds

Malware Config

Targets

- Target
  
  a39ad91fa7e488a5738da1d4cc058a4207d2797739cdd9f4d4a33709cc38cb52N.exe
- Size
  
  888KB
- MD5
  
  d9c444cad1cd385154a50278c9120030
- SHA1
  
  1c631f1e2b6308d1f87eb05dfdc09b696d064524
- SHA256
  
  a39ad91fa7e488a5738da1d4cc058a4207d2797739cdd9f4d4a33709cc38cb52
- SHA512
  
  0ed3710bf609c1a70ee2426cdb78d23659823bf757a794040e9dabc0aa2ca8f569f9cedf59258296020fad846683d72ec11e7afec465f4d52fb07cc296ab365a
- SSDEEP
  
  12288:DpqAgC/2OGAtkCP4cejGSOpRK3CGYxBjvrEH7TS:DpX/2+ttPJLfpRK3CGYvrEH7TS
Score

10^/10

floxif backdoor discovery evasion persistence trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Modifies WinLogon for persistence
  persistence
- Detects Floxif payload
  backdoor
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoveryevasionpersistencetrojanupx

behavioral2

floxifbackdoordiscoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy