floxif | 3d7d2fbff056715df82ff6087da813f9eab7626231db45788506896fa399ca44

Sharing

Copy URL

Twitter E-mail

General

Target

3d7d2fbff056715df82ff6087da813f9eab7626231db45788506896fa399ca44
Size

3.4MB
Sample

241226-1cm72a1mhj
MD5

407bf135c77ee9004572cb35cf596dd6
SHA1

de373458288c87d874a70797525681bbc152b30e
SHA256

3d7d2fbff056715df82ff6087da813f9eab7626231db45788506896fa399ca44
SHA512

e30a8502a29287a5001dbd374cb928aff1ee1d476f910e5042ce0618ed91de9b7bc99bbbb2dcd970840601fc28e05d05592d8467f6134d4745586dcd183f2373
SSDEEP

98304:zEN3dGUabIBnXryCC9hkN/kkVXqqvgVvxawaK:zKE6bs2ckVXqqvgja4

Score

10^/10

Malware Config

Targets

- Target
  
  3d7d2fbff056715df82ff6087da813f9eab7626231db45788506896fa399ca44
- Size
  
  3.4MB
- MD5
  
  407bf135c77ee9004572cb35cf596dd6
- SHA1
  
  de373458288c87d874a70797525681bbc152b30e
- SHA256
  
  3d7d2fbff056715df82ff6087da813f9eab7626231db45788506896fa399ca44
- SHA512
  
  e30a8502a29287a5001dbd374cb928aff1ee1d476f910e5042ce0618ed91de9b7bc99bbbb2dcd970840601fc28e05d05592d8467f6134d4745586dcd183f2373
- SSDEEP
  
  98304:zEN3dGUabIBnXryCC9hkN/kkVXqqvgVvxawaK:zKE6bs2ckVXqqvgja4
Score

10^/10

floxif backdoor discovery trojan upx persistence privilege_escalation
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  75e7351a0f836b8659e6f315683c29f7
- SHA1
  
  66b733d1c978d68cadc245e7efbfcae32807429d
- SHA256
  
  7ffc549e7f679a08c77fa230654b77cdffb3444296bb7c6b8b5769db374b61ee
- SHA512
  
  f03400798b07ccca5e12fa119a586ee9444deb0d2419aced24d93fd84a4702d66864a71b40a11b04b1dbe56e36481cd6a644aec0347bc82bc7375b27bc403fe4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  ca6a20e4e35d2abbc99de1c383356029
- SHA1
  
  48858707a4e2fe69688c77dbbf834c2a5d5c363a
- SHA256
  
  a6e32c90fb047e860cbe44355b573923d5950ddcf76ba7eedaf69f41d0dc3e21
- SHA512
  
  feb46e5d859b4e6c47209f7b184aebb08248ddd4ed26b2501e380238e90dec2ce3a285261256eb21db97585510c969fc261d3c9a1952153f5cdd572db38088c4
- SSDEEP
  
  192:/MBzn2/g5R+tQgBqUFGfNUsewLvZ3yi9uD4spERceMSFCnfnLgWhPKSsDEWF:/MBz24+gUUfJLrZ3y0y4sccuFCfLLR
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a78507ea1078cadaa8b2ec1a2e1d874f
- SHA1
  
  77fe20488444ebbaafc5b2c0743251a94edc3b8e
- SHA256
  
  93d1e681daebfd24ff9fab3952e8ae94eddbdfb3650937988c1fd8085991610e
- SHA512
  
  0399452c7305f23576d4175ec198ad8da8a530215e9304632b20bcb41a38fa0ba2c1c0b0b734b9f887851c92c7f2cf4cdfad403ace84e63318c0694402e1f270
- SSDEEP
  
  192:8trS5c+oKreH53n2fUC1lfeTf9OJCzD4/IVqh88GrgU6H:/jrd09O3/IcG8U6H
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/w7tbp.dll
- Size
  
  2KB
- MD5
  
  9a3031cc4cef0dba236a28eecdf0afb5
- SHA1
  
  708a76aa56f77f1b0ebc62b023163c2e0426f3ac
- SHA256
  
  53bb519e3293164947ac7cbd7e612f637d77a7b863e3534ba1a7e39b350d3c00
- SHA512
  
  8fddde526e7d10d77e247ea80b273beae9dde1d4112806f1f5c3e6a409247d54d8a4445ab5bdd77025a434c3d1dcfdf480dac21abbdb13a308d5eb74517fab53
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  App/UltraISO/UltraISO.exe
- Size
  
  5.3MB
- MD5
  
  3fbe454216e4f8e3408965bb05ef117c
- SHA1
  
  5b9670eb3ac5166e16c771046db99cc59f99be60
- SHA256
  
  a725dece170d6af9cc7eaa42ff5cfedc10e8ad70b76ee50bc50413b412bb3db7
- SHA512
  
  1baa08ff255f3b46de917c47dfa6a8edfd761260721131b899c5f63674adff42c61c6dd7203d0cdda585fb1c4615d0ec198e9ea40d75e6676eb47d21fe5c1ac5
- SSDEEP
  
  49152:8/vuOPgDRk1bQZ0VEnNEI9HNcHMrqN9+Jz7KF4mfYLP/6CkCSLVHHGAcOzpk+ABe:8542E0Vcr9gwLsb3hb3zjb3dpCvxAB
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  App/UltraISO/drivers/FileDlg.exe
- Size
  
  83KB
- MD5
  
  b1cd3f9e805d2225133ba99ca93d34bc
- SHA1
  
  44d16b2677eec775b99ac6c85a6a7f533e0d5550
- SHA256
  
  2fa5c3457aacb299886d27254a5da71d4b7715c41ed57f10a492b48e8f8f37c5
- SHA512
  
  1efdeec7194bd99697e27c1fa042a728ee3acc6e048ac0e1ce47ca21994ea4907c6ce901cfa8c757e08c06719da12171168d6f10d5b8f20c1d8942c49a3fb3a4
- SSDEEP
  
  1536:+tsgg9Vh3Bk9v46Xp5mtyyS7pxY93zl4WjAU5vDGfEr8GEGkDYZxjDbzDbv:+tsBVxBk9vNOaxqDl4kAqCEJZx3Tj
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  App/UltraISO/drivers/ISODrive.sys
- Size
  
  80KB
- MD5
  
  5645290b24d23612d8ae10bbe8bf03ce
- SHA1
  
  ec918957096391aaa9617d177277bb0f5ca2ea53
- SHA256
  
  21dc0fff80748ce3115658bd6cdff9fc13711ed9e686d25233c3a73535157d0f
- SHA512
  
  d9a0b52ddfd038b9373ad84f1cb1232bad65ffc210a7a3a4a95dcab6f6a634572403eebe26b3dc2c3b84a904b2b6b5607a7bfa242f24cfd9d52777934c16bf7a
- SSDEEP
  
  1536:qLiUaAQa/BBMy6hHxVLFt89Nhku7Nl3HJM3TKupr/wu0VXMCIDGLUDNMfECCPef6:qLsa/oHhHxVve9ONchp7eX
Score

1^/10
behavioral15 behavioral16
- Target
  
  App/UltraISO/drivers/ISODrv64.sys
- Size
  
  112KB
- MD5
  
  e489d12ff435aeef4a5474c47d329590
- SHA1
  
  17c353b5748ecd3e8eedd9de347da313085087dc
- SHA256
  
  66a01f63ee4f66c0cd5bb9bf20e1722d57cc8252ac126780800806b536f4cea9
- SHA512
  
  26582a140080e64d7f46b83435a8f2444c509e6a5dfaa1fd4adc190824daecfc5464e56ca89cb0518bcec780a1a16700199e567543cea32f32c5ca3e47add2fc
- SSDEEP
  
  1536:TgK0Gd60LoUzfcEQG+VthPuqZHWwW+g7oPaRsIO1AV2fbbbb8MLdkLFCjCFih:N6+dfcEQG6thpWwlgEPaRi1EhMLd/jJ
Score

1^/10
behavioral17 behavioral18
- Target
  
  App/UltraISO/drivers/IsoCmd.exe
- Size
  
  28KB
- MD5
  
  55677a521dd34ce7a93ab3f1d12b2dfd
- SHA1
  
  4316dd2b5e4ebb48886955ec5365b2f40d4298b3
- SHA256
  
  fc506cb2ce0fa9a994db2e29a595f818fe93cae93dd2f8cca6f4b40944907c5c
- SHA512
  
  e4e05c49701865ba349f4c037c96539cfd3da1f8cd97f9668474ca50a50db0a50e59e7f21f7e0fbc44ca1f79f7cdb529f82bc70b2a7a34e861bb5350ee783dcc
- SSDEEP
  
  384:hC0zdNPp+gOp/WTdUIJxhA55E7lT/MQJK2ahDKvMdOipWHwMQJK2hKvMdOipGOIl:s0zd7N5xd71c2ahOvSkJ2svS7IhHPX
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  App/UltraISO/drivers/bootpart.exe
- Size
  
  29KB
- MD5
  
  1795c231239aaa1d5cb9f5b9191782b5
- SHA1
  
  166eeafcdde8bb732c60dc1eee3b3cad41c52244
- SHA256
  
  d32a5a4c3135d93ec6a40d815bae5be3cc63833c902c3db4cf7bb4a30d07756b
- SHA512
  
  3ce4458af4a4b100dee4e900271d0b5489812956e57385d7abafcaf6afcc6e348a82f9611ce1dae6c8eb89362a48ca230f6ea6ae5a1aa1fa4ee8f5a6ec8f3873
- SSDEEP
  
  384:iWMO6j9yNYGiTfLVxcVMLXfu3o2u/YzRv+3Bi0I7b1L1M/QDGPOGDgf2hw:ifVj9cuLcu+o23zQQL31xMYDGHUf2hw
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  App/UltraISO/drivers/bootpart.sys
- Size
  
  24KB
- MD5
  
  e89b724cd7ce6e0757b37713a4202927
- SHA1
  
  20fd060f7c8de5686afa3cfbf6984c1cb4adbd90
- SHA256
  
  1844214045018304e53fb56b795e994d8ac19f41e50d9872bd42a49f31625520
- SHA512
  
  a87c94a4f01a78e8d954c5b4c1a0dc9c586b660c6bec2700ca46067c050801c8049d86bd0f3fed69f6310e28525b6ef8ef74ba10941354455917142f5d892316
- SSDEEP
  
  384:6hV1LYzB4fQfRJkgTrWPF8azYNvq9j8SrDF1TcbrTM5lIKpwnY6I5QE:6tst88kgT6msYNSjoTngj
Score

1^/10
behavioral23 behavioral24
- Target
  
  App/UltraISO/drivers/bootpt64.sys
- Size
  
  32KB
- MD5
  
  28b2d49d7c5675bf3e290ffe5445c42d
- SHA1
  
  12c0752ee7601c821415d52f9ca25272cdce2ead
- SHA256
  
  ad54206d9b2aa90157ab21b77f6acc2885c9a1eabda3d82da100ef2718d02124
- SHA512
  
  8599fd5a9c882ba4d60994cf9a9ee5f1278ca588429b38830a23fbf5e9f2b199da69dae5dfb790f8496aac8bf5c2fd4f88b729bf5b754d40f3208c5c9f3c9319
- SSDEEP
  
  768:Yw7DEEQ33vdO2J4cTj0io6fe9L4VWygj:VfRILpfeOVW
Score

1^/10
behavioral25 behavioral26
- Target
  
  App/UltraISO/isoshell.dll
- Size
  
  77KB
- MD5
  
  bdcc1a4b4d745db4397b6ae3eb9c954b
- SHA1
  
  9ab18e41e17898aaf82d37dabb0811dcd0ed9947
- SHA256
  
  19d13f1930210741ba580c0d031121435c225953b5203823fbe18c1e8d58b94b
- SHA512
  
  f840c1f3d826a67c9a9d0eaace282f2baf23f857d4a26f14106a3917f409179a3b1348b9d0cc47a15225cc38d9344b676aabaa5f7f161e1d3720790ec52bae2d
- SSDEEP
  
  1536:Dgow6VlJIGobKKouSgDu1sZxVsmdPvSYFETm9Uf:0owkJfxKouy1GVsmdPvSYFET
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  App/UltraISO/isoshl64.dll
- Size
  
  151KB
- MD5
  
  c0fc6c67bd9d9fbc4f8ad44232d49d11
- SHA1
  
  e5ad2b56cc20652401ee5c60fe118cf3fb474a7b
- SHA256
  
  50df2e7ba2ab1892dd1e8c03be51a1dfa9c1ecc501d5166cd5e69badb4a8c503
- SHA512
  
  74bc8d2d93c870f0449582b6de60ade9b0322a5cca945beac8842ccd4577569ea97a7089163dcff8b0115ebbaf2ae75d09ae5214efcb8ea6902c80a2cc0e5586
- SSDEEP
  
  3072:kgShcvZ9+VtiRdCGD+PneNZ5gTqZUl2vIVPGsSbGv/PI7brluMDCFjV:W2Z9+VtiRj+2NZ5gTqZUl2vIVPGsSbaf
Score

5^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral29 behavioral30
- Target
  
  App/UltraISO/lame_enc.dll
- Size
  
  962KB
- MD5
  
  b9e34ae6d6ecb1e19b36dc70e7ef406c
- SHA1
  
  014985ed2dab57e606e08788fc9177220dd2aed1
- SHA256
  
  3b8817fad300fd729d28ca4895d9fb131cf64e699fe5de658ae44c6d056dace4
- SHA512
  
  d2360eb205a7f8feb9d45237f0190ef3b2444b22225bead9eedfe5301cac0601741a7d849033d3b2b5cd2a39496edc86e1d4d4444110bafefcf4a8922c6bbff2
- SSDEEP
  
  12288:P2ezAN6FpYQSzclODziLQEkkDHFb1aWGssVvVmPUwV+SiRm7rhjN:PhAgFptPlqmPDHJ1apVdYUy+jRmXD
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Floxif family

Floxif, Floodfix

Detects Floxif payload

Event Triggered Execution: AppInit DLLs

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Enumerates connected drives

UPX packed file

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32