floxif | ca64f3afd1f4e5be5a7259c5c5721b194fcbff8b9695a7ce528a83a05883d5a5 | Triage

Submit
Reports

Overview

overview

Static

static

1

2024-12-21...ia.exe

windows7-x64

2024-12-21...ia.exe

windows10-2004-x64

Sharing

General

Target

2024-12-21_56907fcca4621c98165338fcc64abe9a_floxif_mafia
Size

272KB
Sample

241221-w3e7wswlgm
MD5

56907fcca4621c98165338fcc64abe9a
SHA1

50696271e4be4e2aa90aebc9b19bdfa8b4144273
SHA256

ca64f3afd1f4e5be5a7259c5c5721b194fcbff8b9695a7ce528a83a05883d5a5
SHA512

6aa2d10fa8e576fd8f0cfee75ced43e0e00d560b19de72920f6731ded82bc9f9599fe585302bcc6a3d6c77a3bd58654bfcd8adf93a35f25af76a070ac13bf067
SSDEEP

6144:2MMZlyIxh/sEMgDrkTEUET+l2AbpLk0cusQvMRlkM4RD/qzMfUVM:zMZl/XkT1KG2qk0nMRGM4h/qofT

Score

10^/10

floxif backdoor discovery persistence privilege_escalation trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

2024-12-21_56907fcca4621c98165338fcc64abe9a_floxif_mafia.exe

Resource

win7-20241010-en

floxif backdoor discovery trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-12-21_56907fcca4621c98165338fcc64abe9a_floxif_mafia.exe

Resource

win10v2004-20241007-en

floxif backdoor discovery persistence privilege_escalation trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-12-21_56907fcca4621c98165338fcc64abe9a_floxif_mafia
- Size
  
  272KB
- MD5
  
  56907fcca4621c98165338fcc64abe9a
- SHA1
  
  50696271e4be4e2aa90aebc9b19bdfa8b4144273
- SHA256
  
  ca64f3afd1f4e5be5a7259c5c5721b194fcbff8b9695a7ce528a83a05883d5a5
- SHA512
  
  6aa2d10fa8e576fd8f0cfee75ced43e0e00d560b19de72920f6731ded82bc9f9599fe585302bcc6a3d6c77a3bd58654bfcd8adf93a35f25af76a070ac13bf067
- SSDEEP
  
  6144:2MMZlyIxh/sEMgDrkTEUET+l2AbpLk0cusQvMRlkM4RD/qzMfUVM:zMZl/XkT1KG2qk0nMRGM4h/qofT
Score

10^/10

floxif backdoor discovery trojan upx persistence privilege_escalation
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoverytrojanupx

behavioral2

floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

© 2018-2025

Terms | Privacy