General
-
Target
2024-12-22_e39bf0251fd8b788eb82bfd009843c51_floxif_mafia
-
Size
2.2MB
-
Sample
241222-pnd8qayler
-
MD5
e39bf0251fd8b788eb82bfd009843c51
-
SHA1
e5eaa2c0f1e0631a7287213dd1f9a078593dbde5
-
SHA256
c4a01c1381c2999c6300bd530880f5ebf473e5b52c9c5e30cbf1c1bff28f2fbf
-
SHA512
d42ffee710ced8052caadb651915a84e84172443dc2dbbe55012d8e89547ff8b10d139374dd986a8533a75c75547f570ca6809ca7df7a14cfb13020a8386a5c4
-
SSDEEP
49152:Kc6tJFd5lBtMp9B1ZP7gg50r0n5/znbX7PJDz3pVO6pBfLP8rIdhOMRL5wyOKSeO:6tJFd5lBtMp9B1ZP7gg50r0n5/znbX7M
Malware Config
Targets
-
-
Target
2024-12-22_e39bf0251fd8b788eb82bfd009843c51_floxif_mafia
-
Size
2.2MB
-
MD5
e39bf0251fd8b788eb82bfd009843c51
-
SHA1
e5eaa2c0f1e0631a7287213dd1f9a078593dbde5
-
SHA256
c4a01c1381c2999c6300bd530880f5ebf473e5b52c9c5e30cbf1c1bff28f2fbf
-
SHA512
d42ffee710ced8052caadb651915a84e84172443dc2dbbe55012d8e89547ff8b10d139374dd986a8533a75c75547f570ca6809ca7df7a14cfb13020a8386a5c4
-
SSDEEP
49152:Kc6tJFd5lBtMp9B1ZP7gg50r0n5/znbX7PJDz3pVO6pBfLP8rIdhOMRL5wyOKSeO:6tJFd5lBtMp9B1ZP7gg50r0n5/znbX7M
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-