General
-
Target
2024-12-17_11d88c3a57c87b89083b13d794f0a561_floxif_mafia
-
Size
2.4MB
-
Sample
241217-w1k1csvngl
-
MD5
11d88c3a57c87b89083b13d794f0a561
-
SHA1
609e38c412932d53138ba4b3e979142002c38cbd
-
SHA256
57801f638f93518b27ea34130a63234a69e52bde168e2367dcb2adfe7101a777
-
SHA512
aad89b5b91b4a00c16029c55c74a56d3064c7232d61aa5287568d9b673c12eee9182db15b5f244e9a4f511b4c4a43a70b1146d05b57fee3b03ddff3a70941f4c
-
SSDEEP
49152:2cuE7AkqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFW31qm:6E7AfrlyutLxC3sEwwM3Um
Malware Config
Targets
-
-
Target
2024-12-17_11d88c3a57c87b89083b13d794f0a561_floxif_mafia
-
Size
2.4MB
-
MD5
11d88c3a57c87b89083b13d794f0a561
-
SHA1
609e38c412932d53138ba4b3e979142002c38cbd
-
SHA256
57801f638f93518b27ea34130a63234a69e52bde168e2367dcb2adfe7101a777
-
SHA512
aad89b5b91b4a00c16029c55c74a56d3064c7232d61aa5287568d9b673c12eee9182db15b5f244e9a4f511b4c4a43a70b1146d05b57fee3b03ddff3a70941f4c
-
SSDEEP
49152:2cuE7AkqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFW31qm:6E7AfrlyutLxC3sEwwM3Um
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Network Service Discovery
Attempt to gather information on host's network.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
1AppInit DLLs
1Pre-OS Boot
1Bootkit
1