floxif | 914fe4dc6b544b784571fab78d32b027363790597515c55face97b2c34012bc5 | Triage

Submit
Reports

Overview

overview

Static

static

1

914fe4dc6b...c5.exe

windows7-x64

914fe4dc6b...c5.exe

windows10-2004-x64

Sharing

General

Target

914fe4dc6b544b784571fab78d32b027363790597515c55face97b2c34012bc5
Size

162KB
Sample

241230-hl48ss1lhn
MD5

0f3f071a1870551051fd3990b73cfcb1
SHA1

63cd5b94eab0ba93d03cda41b07d81203514e2e7
SHA256

914fe4dc6b544b784571fab78d32b027363790597515c55face97b2c34012bc5
SHA512

76bd2e10faffc0246985905294ee99bfa8471e0e3129b59a0453f544a21d7cc2c8e5178b03addb7f92a5bc15251b193e2d983cf2621fccdaf413f268ef467ec7
SSDEEP

3072:GCfG7WoPRJ2xIGFn/7Cv2giznhFgrq2lQBV+UdE+rECWp7hKjbu9:GCfGdJ2Pu4/5BV+UdvrEFp7hKjbu9

Score

10^/10

floxif backdoor discovery persistence privilege_escalation trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

914fe4dc6b544b784571fab78d32b027363790597515c55face97b2c34012bc5.exe

Resource

win7-20241023-en

floxif backdoor discovery trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

914fe4dc6b544b784571fab78d32b027363790597515c55face97b2c34012bc5.exe

Resource

win10v2004-20241007-en

floxif backdoor discovery persistence privilege_escalation trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  914fe4dc6b544b784571fab78d32b027363790597515c55face97b2c34012bc5
- Size
  
  162KB
- MD5
  
  0f3f071a1870551051fd3990b73cfcb1
- SHA1
  
  63cd5b94eab0ba93d03cda41b07d81203514e2e7
- SHA256
  
  914fe4dc6b544b784571fab78d32b027363790597515c55face97b2c34012bc5
- SHA512
  
  76bd2e10faffc0246985905294ee99bfa8471e0e3129b59a0453f544a21d7cc2c8e5178b03addb7f92a5bc15251b193e2d983cf2621fccdaf413f268ef467ec7
- SSDEEP
  
  3072:GCfG7WoPRJ2xIGFn/7Cv2giznhFgrq2lQBV+UdE+rECWp7hKjbu9:GCfGdJ2Pu4/5BV+UdvrEFp7hKjbu9
Score

10^/10

floxif backdoor discovery trojan upx persistence privilege_escalation
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoverytrojanupx

behavioral2

floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

© 2018-2025

Terms | Privacy