General
-
Target
2025-01-01_6866a12eb2b03047f2b006b533e3e552_floxif_mafia
-
Size
2.5MB
-
Sample
250101-pj1wxsxkcn
-
MD5
6866a12eb2b03047f2b006b533e3e552
-
SHA1
1b72bcec95d4065b7d9a08db8bbce68aa4ce97a7
-
SHA256
fa3b07ddc04462c9e5dded7fab75de2f9e6b97c4f1ad7af46b340d31091f8d8c
-
SHA512
fcee77e538a40ba4d7484e7767de48328e141e6384b51e5a595aa010a05db5c028458b3cad6dd3b2637ded9a8ccd694d5d80490b44e95e88a00af8a2a6590c6a
-
SSDEEP
49152:tuIIK4ofs2hPd2l177BTK2VbDsar1YDjZ:tjpfs2hPIl1/u
Malware Config
Targets
-
-
Target
2025-01-01_6866a12eb2b03047f2b006b533e3e552_floxif_mafia
-
Size
2.5MB
-
MD5
6866a12eb2b03047f2b006b533e3e552
-
SHA1
1b72bcec95d4065b7d9a08db8bbce68aa4ce97a7
-
SHA256
fa3b07ddc04462c9e5dded7fab75de2f9e6b97c4f1ad7af46b340d31091f8d8c
-
SHA512
fcee77e538a40ba4d7484e7767de48328e141e6384b51e5a595aa010a05db5c028458b3cad6dd3b2637ded9a8ccd694d5d80490b44e95e88a00af8a2a6590c6a
-
SSDEEP
49152:tuIIK4ofs2hPd2l177BTK2VbDsar1YDjZ:tjpfs2hPIl1/u
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-