General
-
Target
2024-12-24_3516447d997965c415dcf816c294ae00_floxif_mafia
-
Size
724KB
-
Sample
241224-vxmjcasrfr
-
MD5
3516447d997965c415dcf816c294ae00
-
SHA1
fa69afb1aff26b48723d11b0655f32f6223e9864
-
SHA256
bd95f6a965da5964afe031ced376031f7266e2e4def52ce3e3aa509c34abe01a
-
SHA512
a009737674f12a77424b9256f309fbb93fdc6b59a6be1cee4f9c584d604ee17ebafed91c7ddf031fd03acd69b6bcbe36cb42e86be46f3e744d794a430098ba13
-
SSDEEP
12288:UJRgXhW8KMAZ4G/LsR0JfAmU2IeAYAIfX4Hhd9BM4ACyyWLrPEV1RRO+fDcVXm3e:gYEpDZ4G4R2fAmU2IeAYAIfX4Hhd9BM5
Malware Config
Targets
-
-
Target
2024-12-24_3516447d997965c415dcf816c294ae00_floxif_mafia
-
Size
724KB
-
MD5
3516447d997965c415dcf816c294ae00
-
SHA1
fa69afb1aff26b48723d11b0655f32f6223e9864
-
SHA256
bd95f6a965da5964afe031ced376031f7266e2e4def52ce3e3aa509c34abe01a
-
SHA512
a009737674f12a77424b9256f309fbb93fdc6b59a6be1cee4f9c584d604ee17ebafed91c7ddf031fd03acd69b6bcbe36cb42e86be46f3e744d794a430098ba13
-
SSDEEP
12288:UJRgXhW8KMAZ4G/LsR0JfAmU2IeAYAIfX4Hhd9BM4ACyyWLrPEV1RRO+fDcVXm3e:gYEpDZ4G4R2fAmU2IeAYAIfX4Hhd9BM5
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-