General
-
Target
2024-12-29_6d56a44d765374dfaaee308eebf773f5_floxif_frostygoop_snatch
-
Size
4.2MB
-
Sample
241229-g8d5fsvpew
-
MD5
6d56a44d765374dfaaee308eebf773f5
-
SHA1
6eae2296d6228016e5441c61c69f93a8b7f49519
-
SHA256
e80d891f27afe6f6c201b643ad63dcde2999b34d1293e66cf559789929f23634
-
SHA512
deee05211d46f1581a4661027b6188ef1e386f1fd42337c24f5c314771b23904d646bc3935386e8c6f6bfea3e4d13bc6c19d024ab1fef44ccfb420fc0cec7c84
-
SSDEEP
49152:ERs2r1IDqvQtRWme4s5LVc/fp18n5Igsxjq2iOIr+3r4ArUZ2fJ4klKXnpE:0s2SuyEme4fOTwq2iOLkQm2fJ4kh
Malware Config
Targets
-
-
Target
2024-12-29_6d56a44d765374dfaaee308eebf773f5_floxif_frostygoop_snatch
-
Size
4.2MB
-
MD5
6d56a44d765374dfaaee308eebf773f5
-
SHA1
6eae2296d6228016e5441c61c69f93a8b7f49519
-
SHA256
e80d891f27afe6f6c201b643ad63dcde2999b34d1293e66cf559789929f23634
-
SHA512
deee05211d46f1581a4661027b6188ef1e386f1fd42337c24f5c314771b23904d646bc3935386e8c6f6bfea3e4d13bc6c19d024ab1fef44ccfb420fc0cec7c84
-
SSDEEP
49152:ERs2r1IDqvQtRWme4s5LVc/fp18n5Igsxjq2iOIr+3r4ArUZ2fJ4klKXnpE:0s2SuyEme4fOTwq2iOLkQm2fJ4kh
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-