General

  • Target

    2024-12-25_b4d56b49de98567003125cff5744f34f_floxif_mafia

  • Size

    2.4MB

  • Sample

    241225-pnf3baspgv

  • MD5

    b4d56b49de98567003125cff5744f34f

  • SHA1

    8825406315726d05028f0924298af00aafb4924d

  • SHA256

    68381ef6ef0043fe82fe0c40354f2f2ff95f4206feb2704d611bd9a366015cfa

  • SHA512

    81aaa6445a730fbe8b5972d84eb98e72c8566162d4cb01507d5f5f824b3f2e1d0138ca75110349cab0dabd1da2f33245bd11ec9b2b0766c53bd8706ef3bf96fc

  • SSDEEP

    49152:ybN6s9VwXTJq16ZEHqlU8P+PGlLIRVdETIwpKfm2+YSxOvy6uJkm2rD9YZGqr+EI:ybosIASEHqlUbPAsRVdETIIKfm2+fCyE

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
