floxif | 597a0a9a489157adee13ed11b7fd91c4409fec6808e474c04b4e16e4cb1d7606 | Triage

Submit
Reports

Overview

overview

Static

static

1

597a0a9a48...06.exe

windows7-x64

597a0a9a48...06.exe

windows10-2004-x64

Sharing

General

Target

597a0a9a489157adee13ed11b7fd91c4409fec6808e474c04b4e16e4cb1d7606
Size

134KB
Sample

241226-2jvfcstkg1
MD5

a165ff63d21c6a0632d1cfbb57c60982
SHA1

34112ecda1adb149de8c8339b7b4b68c591150c3
SHA256

597a0a9a489157adee13ed11b7fd91c4409fec6808e474c04b4e16e4cb1d7606
SHA512

f7fded77be9204687b1da84a4bf27c9f21f0445fe599fbcf97f05c4bd3433ec50df4193471ebe7791f5953c1322970592305244bfdf16ccd7e54c3fec092587b
SSDEEP

1536:swCJNB3q9ldSlXxsLnTN2s+zheW6BVrqzCJ3bdDY+W14N4NmzWlIA7hKRQGa7lf:CTPlBIp2lQBV+UdE+rECWp7hK5Mlf

Score

10^/10

floxif backdoor discovery persistence privilege_escalation trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

597a0a9a489157adee13ed11b7fd91c4409fec6808e474c04b4e16e4cb1d7606.exe

Resource

win7-20240903-en

floxif backdoor discovery persistence privilege_escalation trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

597a0a9a489157adee13ed11b7fd91c4409fec6808e474c04b4e16e4cb1d7606.exe

Resource

win10v2004-20241007-en

floxif backdoor discovery persistence privilege_escalation trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  597a0a9a489157adee13ed11b7fd91c4409fec6808e474c04b4e16e4cb1d7606
- Size
  
  134KB
- MD5
  
  a165ff63d21c6a0632d1cfbb57c60982
- SHA1
  
  34112ecda1adb149de8c8339b7b4b68c591150c3
- SHA256
  
  597a0a9a489157adee13ed11b7fd91c4409fec6808e474c04b4e16e4cb1d7606
- SHA512
  
  f7fded77be9204687b1da84a4bf27c9f21f0445fe599fbcf97f05c4bd3433ec50df4193471ebe7791f5953c1322970592305244bfdf16ccd7e54c3fec092587b
- SSDEEP
  
  1536:swCJNB3q9ldSlXxsLnTN2s+zheW6BVrqzCJ3bdDY+W14N4NmzWlIA7hKRQGa7lf:CTPlBIp2lQBV+UdE+rECWp7hK5Mlf
Score

10^/10

floxif backdoor discovery persistence privilege_escalation trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

behavioral2

floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

© 2018-2025

Terms | Privacy