General
Target: Screenshot 2024-10-23 184148.png
Size: 7KB
Sample: 241221-dzgbns1qa1
MD5: b159ea6d4c0f037a7bf97cfea6f7f25f
SHA1: 24ea5f47e967a74c36172fb30bd544114415d6aa
SHA256: 3a8f7f5e947198ba6d98d53efcb475d87816b045ef9e9f9e4d0281e8d600aad7
SHA512: f67d33771adea3635aa1d2b64a3ee2d34743821336fbbf1d4ae30f2ac3d74614cb28ac92c2dac1fee94c2d0f9efd0a4eac1c9dffb7d7e45369b61c1cef50a04b
SSDEEP: 192:0babDvQCoCJHYOvT0u9lPMp/OrLGyfR8YQeUWWK90nxDLx:0aFoCJHYOvR0tuLGyRrQsA5x
Static task: static1
Behavioral task: behavioral1 (sample: Screenshot 2024-10-23 184148.png, resource: win7-20241010-en)
Malware Config
Targets
Target: Screenshot 2024-10-23 184148.png, 7KB (same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Floxif family
- Detects Floxif payload
- Downloads MZ/PE file
- ACProtect 1.3x - 1.4x DLL software: detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (MITRE ATT&CK T1547.001, Registry Run Keys / Startup Folder)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Privilege Escalation > Boot or Logon Autostart Execution (T1547) > Registry Run Keys / Startup Folder (T1547.001): 1 signature
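A triage check to go with the indicators in this report, added here as an example and not part of the sandbox output: it computes a candidate file's MD5/SHA1/SHA256/SHA512 and compares them with the values listed under General, and it checks whether the file's leading bytes match the format its extension claims. A file named ".png" that triggers behavioral signatures such as "Downloads MZ/PE file", "Executes dropped EXE" and "Loads dropped DLL" is exactly the case where the extension and the content are worth checking against each other. The input bytes below are a constructed stand-in (a minimal "MZ" header padded with zeros), not the real sample, so the hash comparison is expected to fail on them; the SSDEEP value is left out because fuzzy-hash comparison needs a third-party library (ssdeep or ppdeep) that is not assumed here.

```python
"""Offline triage helpers for the sample described in this report.

Two checks: does a file match the report's hashes, and do its magic bytes
agree with the format implied by its file extension.
"""
import hashlib
from pathlib import Path

# Hash values copied from the General section of the report.
REPORT_HASHES = {
    "md5": "b159ea6d4c0f037a7bf97cfea6f7f25f",
    "sha1": "24ea5f47e967a74c36172fb30bd544114415d6aa",
    "sha256": "3a8f7f5e947198ba6d98d53efcb475d87816b045ef9e9f9e4d0281e8d600aad7",
    "sha512": (
        "f67d33771adea3635aa1d2b64a3ee2d34743821336fbbf1d4ae30f2ac3d74614"
        "cb28ac92c2dac1fee94c2d0f9efd0a4eac1c9dffb7d7e45369b61c1cef50a04b"
    ),
}

# Fixed file signatures: PNG has an 8-byte header, a Windows PE image starts
# with the 2-byte DOS stub marker "MZ".
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PE_MAGIC = b"MZ"

# Which content kind each extension is expected to carry.
EXPECTED_KIND = {".png": "png", ".exe": "pe", ".dll": "pe", ".scr": "pe"}


def hash_bytes(data: bytes) -> dict:
    """Hex digests of `data` for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, report: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison against the report; all True means same sample."""
    computed = hash_bytes(data)
    return {name: computed[name] == digest for name, digest in report.items()}


def describe_content(data: bytes) -> str:
    """Classify the leading bytes as 'png', 'pe' or 'unknown'."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(PE_MAGIC):
        return "pe"
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension claims a format the bytes do not have."""
    expected = EXPECTED_KIND.get(Path(filename).suffix.lower())
    if expected is None:
        return False  # extension we have no expectation for
    return describe_content(data) != expected


def triage(filename: str, data: bytes) -> dict:
    """Summary a responder would want: hashes, IOC match, content vs. name."""
    return {
        "hashes": hash_bytes(data),
        "ioc_match": all(matches_report(data).values()),
        "content": describe_content(data),
        "extension_mismatch": extension_mismatch(filename, data),
    }


if __name__ == "__main__":
    # Constructed stand-in for the sample, not the real file: a DOS header
    # prefix followed by zero padding.
    fake_sample = b"MZ\x90\x00" + b"\x00" * 60
    for key, value in triage("Screenshot 2024-10-23 184148.png", fake_sample).items():
        print(f"{key}: {value}")
```

Run it against a real candidate with `triage(path.name, path.read_bytes())`; an `ioc_match` of True confirms the report's hashes, and `extension_mismatch` True on a ".png" says the bytes are not a PNG, which is the first thing to verify before handing the file to an image viewer.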