floxif | 44e17649c683821618ca82d89fb633400f989f92ca8d14913fedfbb395a79d40 | Triage

Sharing

General

Target

44e17649c683821618ca82d89fb633400f989f92ca8d14913fedfbb395a79d40
Size

242KB
Sample

250101-2eejcazqcl
MD5

5a0f2f92ae252662e965b579232d7dfd
SHA1

eea23eabe5795016e56e7e046a5ac124b9fd5030
SHA256

44e17649c683821618ca82d89fb633400f989f92ca8d14913fedfbb395a79d40
SHA512

58eaf336d3b3864744820fcece4d6e0df12b73e71488781f298ec467a5343fa56b3febb03d0efc4b422cb74c3cde5c478e08f1d71d2101e272c1b1b76a10cebd
SSDEEP

6144:tT2oGedCwInf7yDasJsDUkf+BV+UdvrEFp7hKci+SzyL:tT2kdCDqanBGBjvrEH7Di+OA

Score

10^/10

floxif backdoor discovery persistence privilege_escalation trojan upx

Malware Config

Targets

- Target
  
  44e17649c683821618ca82d89fb633400f989f92ca8d14913fedfbb395a79d40
- Size
  
  242KB
- MD5
  
  5a0f2f92ae252662e965b579232d7dfd
- SHA1
  
  eea23eabe5795016e56e7e046a5ac124b9fd5030
- SHA256
  
  44e17649c683821618ca82d89fb633400f989f92ca8d14913fedfbb395a79d40
- SHA512
  
  58eaf336d3b3864744820fcece4d6e0df12b73e71488781f298ec467a5343fa56b3febb03d0efc4b422cb74c3cde5c478e08f1d71d2101e272c1b1b76a10cebd
- SSDEEP
  
  6144:tT2oGedCwInf7yDasJsDUkf+BV+UdvrEFp7hKci+SzyL:tT2kdCDqanBGBjvrEH7Di+OA
Score

10^/10

floxif backdoor discovery trojan upx persistence privilege_escalation
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/execDos.dll
- Size
  
  5KB
- MD5
  
  0deb397ca1e716bb7b15e1754e52b2ac
- SHA1
  
  fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
- SHA256
  
  720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
- SHA512
  
  507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
- SSDEEP
  
  96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  55a723e125afbc9b3a41d46f41749068
- SHA1
  
  01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c
- SHA256
  
  0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06
- SHA512
  
  559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c
- SSDEEP
  
  96:/VV0Rwtvrm2nQujIvP9dir3UniV/zRzVR3rN3k8Jd18tsPcaqhx:/VV0KtC2yH9d83BzVR53kEQFaq
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/newtextreplace.dll
- Size
  
  11KB
- MD5
  
  b5358341df2cb171876a5f201e31a834
- SHA1
  
  df34750ea5504274be5ff8ddd306b49e302d04f9
- SHA256
  
  156b9b583399faf13c4d46b89339fb0f7f38dc847ac2d7872178d8e3998b9734
- SHA512
  
  821dc42e24fa2d44a1d4d16b26c3da2688dac0fa44a266e38da2aff706c91440d83a87abc74131930e6c38a44a0c5e627db2d045375fde147e0edd3276f4b014
- SSDEEP
  
  192:GGhRfigbU26niqo9m+9k15AA1NrW0QfaDx3nxNLr6s+:GIwgSnhv/IaDx3n6X
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  7KB
- MD5
  
  675c4948e1efc929edcabfe67148eddd
- SHA1
  
  f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
- SHA256
  
  1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
- SHA512
  
  61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
- SSDEEP
  
  96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  29KB
- MD5
  
  2880bf3bbbc8dcaeb4367df8a30f01a8
- SHA1
  
  cb5c65eae4ae923514a67c95ada2d33b0c3f2118
- SHA256
  
  acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973
- SHA512
  
  ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3
- SSDEEP
  
  768:HsKZwhFkGOr0Ga4+8DFFHR4mmw5+64fuKwX13:HLKmGOr0Ga4+8DFFHRrmw5+m
Score

3^/10

discovery
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoverytrojanupx

behavioral2

floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14