floxif | bf791a2f43ce7856ad76c87f06cb323735a92acb1a4f17f4c5a6ea93a973ab19

Sharing

Copy URL

Twitter E-mail

General

Target

SamFlash.7z
Size

46.2MB
Sample

241227-naefwsvjfv
MD5

b77b39c881c3d159a5041db48702e262
SHA1

e68446ff24594389894725f78948cc9168f25c75
SHA256

bf791a2f43ce7856ad76c87f06cb323735a92acb1a4f17f4c5a6ea93a973ab19
SHA512

63e92c2125fcab10e1087e1980fb9b063317a258461ee858259e0fe596c7cffe3a98e3087e1084ae8bf46cba7265ea20e395e952977cea45f9d41cc4d86f1de6
SSDEEP

786432:IlyHWMO4ropTMjB3FcNEwJ/eEyTEwSTbz8Hq5gfC3zLIdLSVqRpvzMEoAelLXgkD:IkU4rox2BmEaeEyNSTboq2ogrvz90l8m

Score

10^/10

Malware Config

Targets

- Target
  
  SamFlash.exe
- Size
  
  40.1MB
- MD5
  
  f12dbf95da6430daca5896cbf5f4d26d
- SHA1
  
  42ff929901a144495657f6103796292318173555
- SHA256
  
  66af486c43f75e1bb7951457dbb173b56bb48a03179cf2ea05820981737494f3
- SHA512
  
  020e310a2148ad206b44ddc6cf89d2b6a38d8da31a63bac403d9aa00ea388e4e2354d4e0b586dadace7031a11ab5f0b54a09e54c5cb26512b5765bed3bdd5ef6
- SSDEEP
  
  786432:WJgcU5/BFm0ErjlqaxBKiZhOmXtSM8OLaZr6B+M5rvPWdv4BNT:1c8BFmxjlq4KeV216BZxPk
Score

3^/10

discovery
behavioral1
- Target
  
  data/AdbWinApi.dll
- Size
  
  105KB
- MD5
  
  819e3e651ac7f490eb1500e0df246c3e
- SHA1
  
  e4948268e2b3974d1728fe474195df011c380f45
- SHA256
  
  fd96c88a315ba271018c0b54e7d696aba16d6bac132d9afc49b60cb14e4a822c
- SHA512
  
  912da4212dc22adcb878c8b34ab7970a15878d7398643e8bbd3f6682d85fa5364f52a0e471d0c3299ad30fece47fba29a75ed5c83529fec3931343e34eba7fd0
- SSDEEP
  
  1536:Dwqdq+3pvspmLh8SCykrpTG7kfGHuNezq02XJqo+iFi1yCPN7jBx:DwqD3L8Tezq0et+ui1yE
Score

3^/10

discovery
behavioral2
- Target
  
  data/AdbWinUsbApi.dll
- Size
  
  71KB
- MD5
  
  414d7ff85d3707752cb5df159e81273b
- SHA1
  
  5c944ccae169d2b52d5442d0169fe6f2be7611a1
- SHA256
  
  25bb8b33eeb702b340defcf078eb249420c885b8f4fedfc3fc56ada66bcdbc14
- SHA512
  
  af2039ec528597adccf1268185d5e1686d2a276102197c3d028abf9167bc10d1d1b22b862f93bd880cf75ae2c2f6c5d0c862384f8be74008d468e69e21a019fb
- SSDEEP
  
  1536:572doFmOiHizFbPlspcsbj5ZsP+YeTs1pc75ZxQ:5SSfN9+YeTs1pcFI
Score

3^/10

discovery
behavioral3
- Target
  
  data/adb.exe
- Size
  
  5.6MB
- MD5
  
  1eb885c863d208e330e3a961849322eb
- SHA1
  
  cf909df4d928aa9053e2817fa10232880b56ca55
- SHA256
  
  e1657ca239bcf53f60dd622a8476d51b8df3c2a3169f7b6082142942560627ed
- SHA512
  
  d5a72e2aa0170d3fa41dd968a5f5e70a568c53d5449fbd0788ad016da0b6e1f1caa2c45cfdd7fdcf0a23205150e6578d25ed215b313de8dcbdae1b3a2e67bce4
- SSDEEP
  
  49152:HgOAiiYyqR/bydBcqWHQqCcTuXK1IgNyyPzbrQRRKQjO0pGIaXKmBWDrGZYAYa+H:Ann2+Bcp7uWhYHI0FGGVwtCdW2
Score

3^/10

discovery
behavioral4
- Target
  
  data/cam.apk
- Size
  
  7.7MB
- MD5
  
  a8c5b0d86b8dd513bd20f5b9a9606882
- SHA1
  
  bde5786b680a755aabe94f6ad3b17fa8f97f0432
- SHA256
  
  fe854c096ae40097e867272ebac8c77c03662b361dd9c2f97223378e1ef443b1
- SHA512
  
  49a7224c0f075e9c0b8b25f08904aa060a6c731eca5e57197f87fa29ba5bd62e3fc0f3bde7f9b773aaf8b7ff7cd4bd6f169a6fb0733347487f961efce09c9035
- SSDEEP
  
  49152:3hJpR+H2tGU6RjmeHbrrDgAG3i75CBLL47/Rm1U2NHcANa5yiS/ojZrjHLV5ut50:3hJpR+HIGUeHbrjh5sXSWa5ZfLfgnjM
Score

3^/10
behavioral5
- Target
  
  data/com.apk
- Size
  
  427KB
- MD5
  
  8ea07466489e3346d473292b1167f1a8
- SHA1
  
  b452d845a2464a9d9f51434cec472bbe51cb12d0
- SHA256
  
  0230ac76554c86822131b8b1c63f8c4e125d6f2aa28319e890bb383167e30b92
- SHA512
  
  d6ecd60f1a6034104e01da98d68683a4dac373871dba4f70fa3b60b76f656a602da26743c6dd9159ab02dc05080fa451d3cfa57c4eb12c32fbc6972d67b6b0be
- SSDEEP
  
  12288:dh3+GQh3j+MMGFeuEpo5yf3nFha1UyDCxhSUyf+E1A9X:dh3+GQhKsapECXSUYb1oX
Score

3^/10
behavioral6
- Target
  
  data/fastboot.exe
- Size
  
  1.7MB
- MD5
  
  07e74ee8a79ce693b3925737fee89629
- SHA1
  
  2be35f19051d2f477ef568241258c706f366bfef
- SHA256
  
  9b9281147b9a79ef7e28b9d6856771933fc08debb33861ce298b3eb9c21715b9
- SHA512
  
  2011d338c8e8be770a81252570321a0da4291fbb78877ea1d59f0609ca12cbd6d31a18accabe57348dd42597e27cc3e310f547c9bdad251028a51cd88cc26639
- SSDEEP
  
  49152:Wv8A9F7dcKJs4EyIUxqCckbu6MBn3E/c+t3fhxl:Wps4EyJHb88cMl
Score

3^/10

discovery
behavioral7
- Target
  
  data/frp.bin
- Size
  
  10KB
- MD5
  
  e4276f6d395264b80b73d91ea4ae7f3f
- SHA1
  
  8ef89c5bc7cbeb665ce942a9a779c438cc98925c
- SHA256
  
  e8a17a001d62039b8cbb579e5423d3cd699d933e8ba60b437a0b654681c62f4c
- SHA512
  
  df9aa823cb3900b91a492c31f806900ce6d0ea01a86746b130a7b928127bf41cfcac8e67ca1eeb0a4aa221b64b9ca99623e5b101ca25fb2271667c04abda7135
- SSDEEP
  
  192:bTwzhl8au4RAnZSSaLZoQwrzoKUZsBm70kbZYqX8uhXK7CpAcpW191Po0JpCQc5:aHu4wZb1oKF2Jdha7CprpW195o+9c5
Score

3^/10
behavioral8
- Target
  
  data/libusb/x64/install-filter.exe
- Size
  
  43KB
- MD5
  
  a16f041c87529221c86e16124c7e9add
- SHA1
  
  e4933d7fc395b397db9aba78b05a2a490622c7e5
- SHA256
  
  df2abf387893332f28c4df68b10a6b176dc9706142055dccccf447f5a9cede2d
- SHA512
  
  972eb4a6cf96692ae0ad43b42a6d418406aad5539451b4e24e564b89a347a9fc8ee5572d9b876d9de7b72192ba70aa114e8de9d721b37af9c169503aaef611e9
- SSDEEP
  
  768:9NutDn4dFG2wgAVZ8xFxnR0JG/3V/y75cg3AmQbT4gOcB4DrTer3np:9Qt7yF9w0nR0JG/ACg3o34gv6nQ
Score

1^/10
behavioral9
- Target
  
  data/libusb/x64/libusb0.dll
- Size
  
  74KB
- MD5
  
  1d8215f7f8cd02a553499b534ccfb4d5
- SHA1
  
  bab236f840f1521c43bcbaa2a7b92f14f329bc70
- SHA256
  
  4f18b5d2c28aa66b648c8683c6d09b52b92cbbee85984bbefad5f38a64bc2a14
- SHA512
  
  79ef4b25f16b2f2f37605298470ba9c4600e724e4b52d589add7d48816f656b93c082b5c65669e50e0546865063a068d26390e6ec7fbab66c3726e49a3779d69
- SSDEEP
  
  1536:4Z4LV/bEtayHescyznkmrCvsgAM0vtPJZ9ivaaC+ziia3:4ZCxbEtayHpnkOBMmtPJzivaIO
Score

1^/10
behavioral10
- Target
  
  data/libusb/x64/libusb0.sys
- Size
  
  51KB
- MD5
  
  16e18ced459b1824234890386ee66cd5
- SHA1
  
  81d2b572ec0d24aba11ed6bfa9174ffad54140b7
- SHA256
  
  8058f2afe6ef96a7d2ded432997fd8655970c9ea75a938ee4557d6a2cb4cc989
- SHA512
  
  b0e67d040d39f043305b0c172906bbea8341f1326108f5c5a0379cd6b287d62cbd86270385713d0f6a14c5106a5a6c23f6247a303e6124cb3e33982978505c98
- SSDEEP
  
  768:HFXl2LF1UHgnnhe8178WtnYhD+icqO3cp3RtR7QnC+ziX7BE:yConbt8wifuQRtR7QnC+zirBE
Score

1^/10
behavioral11
- Target
  
  data/libusb/x86/install-filter.exe
- Size
  
  45KB
- MD5
  
  1a534450750eca1f3d951def8d9965bf
- SHA1
  
  7dd82b6d52a840c4979a7515fc7a9ca3725363c4
- SHA256
  
  5e84d13636fbce7869cddc8b20c7d83fa0063e98c319e8e5ab751edc9ee1da76
- SHA512
  
  3acdfff24a4d9ebb4e9647afccf95f33b4580980fb35a91eff65a01ce470b0bbc1a3a27c476653911f1fa431757ca64c945da89da54bffa599744f29123ef715
- SSDEEP
  
  768:Necy9908dqax/5FdC72/WkFkwUEihlLBHCnp+KCI:Ucy9Pn/LdnFFlUEulEl
Score

3^/10

discovery
behavioral12
- Target
  
  data/libusb/x86/libusb0.sys
- Size
  
  41KB
- MD5
  
  c8c9800179af00c90629514e30873d80
- SHA1
  
  9438573aee178c68f49bfa5ad71132d06c4dfa9b
- SHA256
  
  aa7d75a4d01b405aab7c848674bbed392b64c6e374e20fd72adc3c96294e2f00
- SHA512
  
  1db533b4ed8e4ae2ff55ef8b93b9186e30f8711e91bf07051c70423bac76d8ef29ebe578483029f83dcb619f94fd8abf453aab78328a876fc88188671be522c2
- SSDEEP
  
  768:Wlqi7sKYNXhDedEP4ofzGTdJ0q7KC+ziB9Kds:yZQlem4Qemq+C+ziBkds
Score

1^/10
behavioral13
- Target
  
  data/libusb/x86/libusb0_x86.dll
- Size
  
  142KB
- MD5
  
  8145fa60f4a03ebea156df68f8c6f948
- SHA1
  
  3cf02457805ea647bd6153bc7401521a94eacc5f
- SHA256
  
  4eeabdd57ca7b7028e3981c43fb92494f93c752c2032cf33e0ec9da01e3e4a9a
- SHA512
  
  ea9c6c28a7ca5d112ab12f437495c079ab25243cf33d86098ea34683ac6d7a270dce8df5371ae9208c25917d2e249c7cb2584f95ea1f2442fba92e1673ec30cf
- SSDEEP
  
  3072:jzwLjtSIiRsjNh5IlmBA2lQBV+UdE+rECWp7hKh2Pqt1o:jS0nREAKOBV+UdvrEFp7hKsD
Score

10^/10

floxif backdoor discovery trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral14
- Target
  
  data/loader/079fc51e57460e4ea9ccc9c98d08ee4728a1109c.bin
- Size
  
  448KB
- MD5
  
  406421add08d335160de789bb1a5d100
- SHA1
  
  f80740128f535728a749ad77096e818efe6c80a2
- SHA256
  
  05ac3fce76dbd7617d85b47cf322b75d6362ef1ffeb896639ed8b23fc0c11ce5
- SHA512
  
  68f22079001eadbf2626e472976ab49a09ec9ca48a5323cc462e8a80362aaff8ccd88428ef06a52d409813f002392d0c08321949bd3fd0288de0f919dba1c153
- SSDEEP
  
  12288:E3HwGIRSEV2BXOg9QmNl50naC1bhxkVSaSoPV34TFW9:/SEV2jL2kxSmW
Score

3^/10
behavioral15
- Target
  
  data/loader/27f620d71722f964eb2ccc1c0fb7fcbd48d4e79e.bin
- Size
  
  432KB
- MD5
  
  26120c829cbd2c34fdd9a6cc3e5780ca
- SHA1
  
  cc58ac017ebfed55795733c106e7c6c89ff48f0e
- SHA256
  
  9aec3e68331a3cd230ddf878a5a322e4c85812a6f4982b8ec86df5207c2c6eb6
- SHA512
  
  6daed2a3a1b07638989bdd45ad76f9c2a8c63a3b10fd12e3dcb7f4a5bdc98de6c0e3be8f81a9db557470f0cd8e605541714dae718510da447fe3ea13cd226de4
- SSDEEP
  
  12288:xUSYLmBP+dNE34/DlLDCM11rIFDHGyYThW99:odNEehV1BIhHzu
Score

3^/10
behavioral16
- Target
  
  data/loader/48a2c64ef41761a8d84c9b14b44c5a437f5c2250.bin
- Size
  
  432KB
- MD5
  
  bdde18137c9684cdf77381f66dbb803a
- SHA1
  
  9ac5c94fd3e9eb853e738298e707053976e68c19
- SHA256
  
  5c41d24178e1c8f5cafd29789b2391d97966c0f12cceccf07c087e6ca7c38cc3
- SHA512
  
  76fa41c5d7a4d9c4432d674870e5e143892daffe971a9ba289b949a99a9ad768a50afe0484ba62700cc55a99e80c5bb298a3fe772959938680da76a011ce3318
- SSDEEP
  
  12288:GUSYLmBPiBNE34/DlLDCM100gWIP2yYTPW9f:VBNEehV1Bg3PDo
Score

3^/10
behavioral17
- Target
  
  data/loader/4f2ee5147615362828d1e1c23b0a42c7de646515.bin
- Size
  
  424KB
- MD5
  
  e89c3cafe8e070d0bd9a83c4561a71de
- SHA1
  
  539c196e28959066c2564a8e0a35db9a0fd72f60
- SHA256
  
  824e97acaebdcc0b5661ea566d4b9c7d580749208230ed508b82512468fe3441
- SHA512
  
  afd0673a845fdd37c24fb9ab50bf070f71c0ca7b17bd986234031c5b44dab5c7ce7f40767fc988e64a4b2e70cc93bf5d43b936904187390f5cb92790435aa239
- SSDEEP
  
  12288:ZO4KKdnzySBaOKIQN5slyo0qyHSGuICcXnqeUJkW9:FzySkrsGvCJeJ
Score

3^/10
behavioral18
- Target
  
  data/loader/58e8fc27a8543e11fd2ccaf98fbe261448bc8aca.bin
- Size
  
  432KB
- MD5
  
  94b32ec7ed7c0a4f57ee91a62694dca0
- SHA1
  
  a3f185fb80baca8f7da1695242d0e771639eea5e
- SHA256
  
  877b0017f1a17eeeb32c805fa2bd543078946b0f266ebd8cfe0a6c23889de2cc
- SHA512
  
  024bf6086e438473bd7d1ca60047cb1167bc833c39d94f96ee0ecada6f37cf7eca02c26a403310fd24dd417cba6f1a78ecccbd16f85059563eac4f589481e951
- SSDEEP
  
  12288:KvzaYx6eBR3KXfhDLc5dusF9t7rJLyCW9L:CBRAh6dXFv791
Score

3^/10
behavioral19
- Target
  
  data/loader/66ff4d4b730cebb967383a650b7cefbd8d681c57.bin
- Size
  
  432KB
- MD5
  
  e3597190d113411e1cbde6b29d59da94
- SHA1
  
  6b18d70aa0ae1041b0cb311ae35ebfd0aee6c69d
- SHA256
  
  2107a6f06c1f19ff561b325f81f7d6b9a210c73bc3a77ba664ec841407e22d03
- SHA512
  
  3e3185aa242436ca7d8de12f499083d9122db63a4e2676d1e3e8bd203755b886ee2826eb39de19be3a477573720d4c66185053b5b0e5b5d291b891c17a936f9b
- SSDEEP
  
  12288:hq4n3RWN5fXIJ4JGPyFbqFAv/oT9xGW9h:G5f8p6FmFa/Uy
Score

3^/10
behavioral20
- Target
  
  data/loader/674ac4a88d37e0cc585f310e53df597d8ad88c43.bin
- Size
  
  424KB
- MD5
  
  4fb68a5169eb4034271d18437f0cfd84
- SHA1
  
  f37acfe9cccc3035ca6370c59bc144dae4d064f6
- SHA256
  
  eefb3e649f71237c1e8c370d3c0f0a3d5ec29e9a6d9388522944422702cb6086
- SHA512
  
  a265a3172b587e25e75938996448afedf5c2d0b8601d4112e4347ee37fa264ef5b862155bd1e35cd5dc23c4c7b4caba052613beffef3060ed4a8f99b7b1091fd
- SSDEEP
  
  12288:OSUOK87qrcBsOfIg8LElyMMTovwmHTj415R5ty9W9:9qrc/eRmH/4vQ
Score

3^/10
behavioral21
- Target
  
  data/loader/88e16eb57235e6a900dac581d6c2bc463f7061cf.bin
- Size
  
  643KB
- MD5
  
  05ef0ce7a7bdfdb2720b673e63e6aba3
- SHA1
  
  64e74bb1e21d3df27fd4dc7c6da9c855e578978e
- SHA256
  
  defbc9219b85e4bed1bb925cc88943c132c0df4d76fd66b520bc39d0fce2c3ef
- SHA512
  
  4c58e5c8e9b9710809bf5c4b164f3e78677fe21c030f9b26f03151101f91d54c6c9d57e78753b1828aaaf7816446e68ac4691623111803e7d4679e10287448cc
- SSDEEP
  
  12288:3fKKE85FIlN7HWo1wJio4aASB6Ka1gJ6TfE5++OsON67v:YRlN796NASB6Keu6d+OfN
Score

3^/10
behavioral22
- Target
  
  data/loader/8ae23cbdd3b5f3ee9037c7377ffa2dad8bf7c036.bin
- Size
  
  406KB
- MD5
  
  1591976af66042714d647058da66769d
- SHA1
  
  f7179cdd8de41b4714f17c61cf9628c8000dd284
- SHA256
  
  dbb80135b4017282a181d2b0c13cebe8f1239b114756ede99083424f8426e424
- SHA512
  
  f831372a910ab30fc7d4daad9112081607dbd448e97b65babf17b13090e3735f460b3a61f2a1caec0e569226a60dd75aefc352674ff7b791f6b8cef40120bd22
- SSDEEP
  
  12288:HE7qVYszddB8O8eAvxJEnO5+6/O9PHoZ8OpW9k:HE0zdd4nFW/cH
Score

3^/10
behavioral23
- Target
  
  data/loader/d1a8e970429c5e6795db98bd3cadbdeb879a392c.bin
- Size
  
  406KB
- MD5
  
  2c2745cb2de08c2e0df77093d2d5da98
- SHA1
  
  16ff8112aec9b4a179a53cdc539346ca41a006de
- SHA256
  
  c7c1bce40efb53bf5688126fbee96b6ae7997b288b742db15fd96d4143a7f5b7
- SHA512
  
  5f9c9b331e4fdff98e30ba209f17d732a25fd9c008c51dcd85f1ccdeeff4ac30c5a0ae84387e82d37dee49a794ccbd3ca78733ace6e3f97587486b084d497324
- SSDEEP
  
  12288:MKVYszddB8O8eAvxJEnO5+6/uBPHoZ8OlW9U:Rzdd4nFC/wX
Score

3^/10
behavioral24
- Target
  
  ycLcp.dll
- Size
  
  278KB
- MD5
  
  f14d3fab5520279bbc102a0e45ef7887
- SHA1
  
  62679d42cd01d2f0be0bce8265969bb57304b0c6
- SHA256
  
  f7b7cc92637963395ff65fa0f53627f1db4a95fb549e0ea5af06222a653fb7a4
- SHA512
  
  c38e73b8c7cc31fdca605535c10d6fc0f85d9876d1c125886414f34b626c5ce42889954a6b2f4945cb4dab575c8687f16017818ef32a1547af936c991052de96
- SSDEEP
  
  6144:y/f0kqNnzjx2X5AlwK50iEOs+1vbyMBg8vbXo5/079FnfO45UyS:y/f0bfu5Alwh+lbyyg8DXo5/079FnfTP
Score

1^/10
behavioral25

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Floxif family

Floxif, Floodfix

Detects Floxif payload

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25