General

  • Target

    2024-12-18_573183f44383e8123536a2dd7923d2f4_bkransomware_floxif

  • Size

    275KB

  • Sample

    241218-tvtn7swkcp

  • MD5

    573183f44383e8123536a2dd7923d2f4

  • SHA1

    0bcc30a2bb8e6957911486bfadb01ee49bd79d3f

  • SHA256

    4c9cad0ef04a8512f5ced3e01b267612ba7019fc1f1c8709a7e95cac9066bfc1

  • SHA512

    e8aa7160753db28dd36ce145e9e4bca025c01604c6be7ec682e705806042c08b36d289757c8a9606da95e399ea04dd0a9df6969a4ffed895dc60b5a764c93d5c

  • SSDEEP

    3072:9666SmGgfYISLpt690O4EHIsxeJTuSUdybQHoAw3MVDdVY3KL2lQBV+UdE+rECWd:92SSM60OhHgT1nt3KPBV+UdvrEFp7hKw

Malware Config

Targets

    • Target

      2024-12-18_573183f44383e8123536a2dd7923d2f4_bkransomware_floxif

    • Size

      275KB

    • MD5

      573183f44383e8123536a2dd7923d2f4

    • SHA1

      0bcc30a2bb8e6957911486bfadb01ee49bd79d3f

    • SHA256

      4c9cad0ef04a8512f5ced3e01b267612ba7019fc1f1c8709a7e95cac9066bfc1

    • SHA512

      e8aa7160753db28dd36ce145e9e4bca025c01604c6be7ec682e705806042c08b36d289757c8a9606da95e399ea04dd0a9df6969a4ffed895dc60b5a764c93d5c

    • SSDEEP

      3072:9666SmGgfYISLpt690O4EHIsxeJTuSUdybQHoAw3MVDdVY3KL2lQBV+UdE+rECWd:92SSM60OhHgT1nt3KPBV+UdvrEFp7hKw

    • Floxif family

    • Floxif, Floodfix

      Floxif (also known as FloodFix) is a file-infecting trojan and backdoor written in C++: it patches executables on the host so that they load its payload, and opens a backdoor once loaded.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. The DLLs are listed in the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (and the Wow6632Node key for 32-bit processes on 64-bit Windows), gated by the LoadAppInit_DLLs value, and are loaded into every process that loads user32.dll.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer, versions 1.3x to 1.4x.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.
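The AppInit DLLs signature above names the technique but not the check. The following is an added example, not part of this sandbox report: it walks registry-change telemetry shaped like Sysmon Event ID 13 (TargetObject, Details, Image fields) and flags writes to AppInit_DLLs under both the native and Wow6432Node keys, ranking a write higher when the same stream also shows LoadAppInit_DLLs being switched on. All events and DLL paths in it are constructed for the demo.

```python
"""Flag AppInit_DLLs persistence (ATT&CK T1546.010) in registry telemetry.

Added example; not part of the sandbox report. The input records mimic
Sysmon Event ID 13 (RegistryEvent, value set) with its TargetObject,
Details and Image fields, but every event below is constructed for the
demo and the DLL paths in it are made up.
"""
import re
from typing import Dict, Iterable, List

# Native key (64-bit processes on x64, all processes on x86) and the
# Wow6432Node key (32-bit processes on x64). Both must be watched.
APPINIT_KEYS = {
    r"hklm\software\microsoft\windows nt\currentversion\windows",
    r"hklm\software\wow6432node\microsoft\windows nt\currentversion\windows",
}

# Sysmon renders REG_DWORD data as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")


def parse_dword(details: str) -> int:
    """Return the integer in a Sysmon DWORD rendering, 0 if it is not one."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else 0


def split_dlls(details: str) -> List[str]:
    """AppInit_DLLs is a REG_SZ list of paths separated by spaces or commas."""
    return [d for d in re.split(r"[ ,]+", details.strip()) if d]


def find_appinit_persistence(events: Iterable[Dict]) -> List[Dict]:
    """Return one finding per AppInit_DLLs write, ranked by whether loading is enabled."""
    dll_writes = []          # (key, writer image, dll list) in event order
    enabled_keys = set()     # keys where LoadAppInit_DLLs was set non-zero
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        key, _, value = ev["TargetObject"].rpartition("\\")
        if key.lower() not in APPINIT_KEYS:
            continue
        value = value.lower()
        if value == "appinit_dlls":
            dlls = split_dlls(ev["Details"])
            if dlls:                       # clearing the value is not persistence
                dll_writes.append((key, ev.get("Image", ""), dlls))
        elif value == "loadappinit_dlls" and parse_dword(ev["Details"]) != 0:
            enabled_keys.add(key.lower())

    findings = []
    for key, image, dlls in dll_writes:
        findings.append({
            "technique": "T1546.010",
            "key": key,
            "dlls": dlls,
            "set_by": image,
            # "high" when the stream shows the switch being turned on; "medium"
            # otherwise, because LoadAppInit_DLLs may already have been 1.
            "severity": "high" if key.lower() in enabled_keys else "medium",
        })
    return findings


# Constructed telemetry: a benign write under the same key, the two writes
# that make up the technique, a 32-bit variant, and an unrelated event.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout",
     "Details": "15"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
     "Details": r"C:\ProgramData\updater\hook.dll"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
     "Details": r"C:\ProgramData\updater\hook32.dll"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetObject": "", "Details": ""},
]

if __name__ == "__main__":
    for f in find_appinit_persistence(SAMPLE_EVENTS):
        print(f["severity"], f["key"], f["dlls"], "set by", f["set_by"])
```

Two caveats when running this against real telemetry: a write to AppInit_DLLs by a legitimate installer is not unheard of, so the writer image matters more than the value itself, and on Windows 8 and later the mechanism is disabled entirely while Secure Boot is on, so a positive finding on such a host is an attempt rather than working persistence.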
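The UPX signature above fires on stock UPX and on modified builds; the difference matters because a modified UPX commonly renames its sections, which defeats the usual name-based rule. The following is an added example, not code from this report or from the UPX project: a minimal PE section-table walker (no pefile dependency) that reports the UPX0/UPX1/UPX2 section names and the "UPX!" marker of a stock build, and separately flags a high-entropy section, which survives renaming. The PE images it examines are assembled in memory for the demo and are not loadable programs; the 7.0 bits-per-byte threshold is a working assumption.

```python
"""Static UPX indicators from a PE section table.

Added example; not part of the sandbox report or of UPX. The PE images
below are constructed in memory purely to exercise the parser.
"""
import math
import random
import struct
from typing import Dict, List, Tuple

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
HIGH_ENTROPY = 7.0   # bits per byte; assumed threshold, plain code sits well below it


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Dict]:
    """Return name, raw size and entropy per section; ValueError on a malformed image."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    (nsect,) = struct.unpack_from("<H", pe, e_lfanew + 6)        # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)    # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsect):
        off = table + 40 * i
        if off + 40 > len(pe):
            raise ValueError("section table truncated")
        name, _vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        # SizeOfRawData 0 means the section is filled at run time (typical for UPX0).
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": rawsize, "entropy": shannon_entropy(raw)})
    return sections


def upx_indicators(pe: bytes) -> Dict[str, object]:
    secs = parse_sections(pe)
    names = {s["name"] for s in secs}
    return {
        "upx_sections": sorted(names & UPX_SECTION_NAMES),
        "upx_marker": b"UPX!" in pe,     # stock UPX leaves this in the packed header
        "high_entropy_sections": [s["name"] for s in secs
                                  if s["raw_size"] and s["entropy"] >= HIGH_ENTROPY],
    }


def looks_packed(pe: bytes) -> bool:
    ind = upx_indicators(pe)
    return bool(ind["upx_sections"] or ind["upx_marker"] or ind["high_entropy_sections"])


def build_pe(sections: List[Tuple[str, bytes]], marker: bytes = b"") -> bytes:
    """Assemble a minimal PE32 image from (name, raw bytes) pairs. Demo only, not runnable."""
    e_lfanew, opt_size, align = 0x80, 0xE0, 0x200
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    header_end = e_lfanew + 24 + opt_size + 40 * len(sections) + len(marker)
    raw_ptr = (header_end + align - 1) // align * align
    table, blobs, vaddr = b"", b"", 0x1000
    for name, raw in sections:
        vsize = max(len(raw), 0x1000)
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(raw), raw_ptr + len(blobs) if raw else 0, 0, 0, 0, 0, 0x60000020)
        blobs += raw.ljust((len(raw) + align - 1) // align * align, b"\0")
        vaddr += (vsize + 0xFFF) // 0x1000 * 0x1000
    return (dos + b"PE\0\0" + coff + b"\0" * opt_size + table + marker).ljust(raw_ptr, b"\0") + blobs


# Constructed images: stock-UPX layout, an unpacked layout, and a renamed-section layout.
_rng = random.Random(7)
_noise = bytes(_rng.getrandbits(8) for _ in range(4096))    # stands in for compressed data
PACKED_DEMO = build_pe([("UPX0", b""), ("UPX1", _noise), (".rsrc", b"\0" * 64)], marker=b"UPX!")
PLAIN_DEMO = build_pe([(".text", b"\x55\x8b\xec\x83\xec\x10" * 300), (".data", b"hello world\0" * 100)])
RENAMED_DEMO = build_pe([(".text", b""), (".data", bytes(_rng.getrandbits(8) for _ in range(4096)))])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_DEMO), ("plain", PLAIN_DEMO), ("renamed", RENAMED_DEMO)):
        print(label, looks_packed(img), upx_indicators(img))
```

The entropy check is what makes the rule useful against a modified UPX, but it is only a packing indicator, not a UPX verdict: the sample on this page is also reported as ACProtect-protected, and any compressed or encrypted section will score the same way, so treat a hit as "unpack before you sign" rather than as an identification.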

MITRE ATT&CK Enterprise v15

Tasks