General
-
Target
2024-12-23_c28ce292e1a52b401be8ea7cbadb9868_floxif_mafia
-
Size
266KB
-
Sample
241223-jgq12sxnhr
-
MD5
c28ce292e1a52b401be8ea7cbadb9868
-
SHA1
12747a24d1f5cac37293b5c37aeb8bf27fe1fabb
-
SHA256
89d91018791ecd4210ee6f773ab257c6262efa341ccd727bf61f33bd3846c13e
-
SHA512
89a1624234ca1dadaf1c5fb1e69ffeceb980e75755dd78f45e57ad25affc51e49fdba7541bd56ce37801bf26830f0b1e1c566ee0c208be240794402ba8d0e0ec
-
SSDEEP
6144:bWBak3njoH1qH8r+175WcRQ84QpAtwBV+UdvrEFp7hK85:K/joHs8r+175vRx4Qp6wBjvrEH7d
Malware Config
Targets
-
-
Target
2024-12-23_c28ce292e1a52b401be8ea7cbadb9868_floxif_mafia
-
Size
266KB
-
MD5
c28ce292e1a52b401be8ea7cbadb9868
-
SHA1
12747a24d1f5cac37293b5c37aeb8bf27fe1fabb
-
SHA256
89d91018791ecd4210ee6f773ab257c6262efa341ccd727bf61f33bd3846c13e
-
SHA512
89a1624234ca1dadaf1c5fb1e69ffeceb980e75755dd78f45e57ad25affc51e49fdba7541bd56ce37801bf26830f0b1e1c566ee0c208be240794402ba8d0e0ec
-
SSDEEP
6144:bWBak3njoH1qH8r+175WcRQ84QpAtwBV+UdvrEFp7hK85:K/joHs8r+175vRx4Qp6wBjvrEH7d
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-