General
-
Target
2025-01-01_5dc4d47204f1e26c256ab471c1d4a448_floxif_mafia
-
Size
2.4MB
-
Sample
250101-avy45sznaq
-
MD5
5dc4d47204f1e26c256ab471c1d4a448
-
SHA1
7a8eeed10c7d4ee6e1519afe399979ec0ba70f74
-
SHA256
e0abdc46ed11e047ec13ac55bf5d3f0a6bd73177a5d95f6ff21346c8ac849b60
-
SHA512
59bd804a23ea91e4537a471098a523f9d56e41dfbbff81add3b3f9ed9581ac72ee8ad97a2a9283d2d45f484b1fab7f80eced5324b833dd976d23dda24f1a6b96
-
SSDEEP
49152:7TuE7AkqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFW31qju:uE7AfrlyutLxC3sEwwM3Uju
Malware Config
Targets
-
-
Target
2025-01-01_5dc4d47204f1e26c256ab471c1d4a448_floxif_mafia
-
Size
2.4MB
-
MD5
5dc4d47204f1e26c256ab471c1d4a448
-
SHA1
7a8eeed10c7d4ee6e1519afe399979ec0ba70f74
-
SHA256
e0abdc46ed11e047ec13ac55bf5d3f0a6bd73177a5d95f6ff21346c8ac849b60
-
SHA512
59bd804a23ea91e4537a471098a523f9d56e41dfbbff81add3b3f9ed9581ac72ee8ad97a2a9283d2d45f484b1fab7f80eced5324b833dd976d23dda24f1a6b96
-
SSDEEP
49152:7TuE7AkqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFW31qju:uE7AfrlyutLxC3sEwwM3Uju
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Network Service Discovery
Attempt to gather information on host's network.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
1AppInit DLLs
1Pre-OS Boot
1Bootkit
1