floxif | c47c08f9d9b2d8b8825b47215359ca017b33c5dd7eb0df6b6305ba5767e0aa4e | Triage

Submit
Reports

Overview

overview

Static

static

1

c47c08f9d9...4e.dll

windows7-x64

c47c08f9d9...4e.dll

windows10-2004-x64

Sharing

General

Target

c47c08f9d9b2d8b8825b47215359ca017b33c5dd7eb0df6b6305ba5767e0aa4e
Size

163KB
Sample

241230-dj99tawlhw
MD5

1c7659ffa430806fccca005f7ba6df93
SHA1

3b687ae692cf1c8bd545379beeeb07fed054aa92
SHA256

c47c08f9d9b2d8b8825b47215359ca017b33c5dd7eb0df6b6305ba5767e0aa4e
SHA512

6939a47832043780a75e27b536686076a37476b1946a9aa8c91a6678ed0efc9783f23d394340afab1f584f635880bc0a4b4fb54f7904dd05f7acb09bf54d9656
SSDEEP

3072:ryy9d6X81PIZyTmPP56e5lmeqsQvVqRlkM4OAD/KLznBuB2JA2BjaZBlwco:rFdz1PIEGieqsQvMRlkM4RD/qzMfUWBs

Score

10^/10

floxif backdoor bootkit discovery persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c47c08f9d9b2d8b8825b47215359ca017b33c5dd7eb0df6b6305ba5767e0aa4e.dll

Resource

win7-20240903-en

floxif backdoor bootkit discovery persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

c47c08f9d9b2d8b8825b47215359ca017b33c5dd7eb0df6b6305ba5767e0aa4e.dll

Resource

win10v2004-20241007-en

floxif backdoor discovery trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  c47c08f9d9b2d8b8825b47215359ca017b33c5dd7eb0df6b6305ba5767e0aa4e
- Size
  
  163KB
- MD5
  
  1c7659ffa430806fccca005f7ba6df93
- SHA1
  
  3b687ae692cf1c8bd545379beeeb07fed054aa92
- SHA256
  
  c47c08f9d9b2d8b8825b47215359ca017b33c5dd7eb0df6b6305ba5767e0aa4e
- SHA512
  
  6939a47832043780a75e27b536686076a37476b1946a9aa8c91a6678ed0efc9783f23d394340afab1f584f635880bc0a4b4fb54f7904dd05f7acb09bf54d9656
- SSDEEP
  
  3072:ryy9d6X81PIZyTmPP56e5lmeqsQvVqRlkM4OAD/KLznBuB2JA2BjaZBlwco:rFdz1PIEGieqsQvMRlkM4RD/qzMfUWBs
Score

10^/10

floxif backdoor bootkit discovery persistence trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoorbootkitdiscoverypersistencetrojanupx

behavioral2

floxifbackdoordiscoverytrojanupx

© 2018-2025

Terms | Privacy