General
-
Target
2024-12-28_11e8ce1c130f56c79b70751cd7669d8c_floxif_icedid
-
Size
22.3MB
-
Sample
241228-w4xtbszpbz
-
MD5
11e8ce1c130f56c79b70751cd7669d8c
-
SHA1
560ff3bdf4483fddbf948ac8e715d8cfaf2a42d0
-
SHA256
0806116764e3fe406f9f8905d43d3ffbd9af312ef8205de07acae8ebdb2d6133
-
SHA512
6f1d1c4584b18c3d0aab8821c7f22e558eecec356204a5a6cd92f361dad23041dc751c2d5083db210cf8d9117b1721b4012303ba2032e9e1e13ea514ca0b560f
-
SSDEEP
393216:GX9pjHs4737sM3HgVrAmIQoLd28A+a0r/DdXLnEsRgcHcqcp0q3WI28d+olEi:GX9pLsstBg89xDdbn8c8qk3N2QlX
Malware Config
Targets
-
-
Target
2024-12-28_11e8ce1c130f56c79b70751cd7669d8c_floxif_icedid
-
Size
22.3MB
-
MD5
11e8ce1c130f56c79b70751cd7669d8c
-
SHA1
560ff3bdf4483fddbf948ac8e715d8cfaf2a42d0
-
SHA256
0806116764e3fe406f9f8905d43d3ffbd9af312ef8205de07acae8ebdb2d6133
-
SHA512
6f1d1c4584b18c3d0aab8821c7f22e558eecec356204a5a6cd92f361dad23041dc751c2d5083db210cf8d9117b1721b4012303ba2032e9e1e13ea514ca0b560f
-
SSDEEP
393216:GX9pjHs4737sM3HgVrAmIQoLd28A+a0r/DdXLnEsRgcHcqcp0q3WI28d+olEi:GX9pLsstBg89xDdbn8c8qk3N2QlX
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-