General

  • Target

    2025-01-02_3309d662a6163e21d98f7103b5db97f1_bkransomware_floxif

  • Size

    4.7MB

  • Sample

    250102-mj79wsxqb1

  • MD5

    3309d662a6163e21d98f7103b5db97f1

  • SHA1

    10141fac60ddd2322ef5c56a2d34e9e20f76ac08

  • SHA256

    86f99126e2044eecd5990853a083f1050b1493ffd8755fd51fe4722658bf169b

  • SHA512

    976d6740c66e6e75cc1efd0d1f20d262ed41de3f1b4402c070deef7f1e0be5adad60585c211b727683042c1f361deb1d8aa0b0cbc5af219298e9e80be43a267f

  • SSDEEP

    98304:kBe4Qbl9dRPenSX5gSoC20DHDB1dE46V3u/p:hXNenq28L/p

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
