floxif | fc708666be9cd952b23acaaa51c2ef9d920002d5b901d5213a430bc18db625bf | Triage

Sharing

General

Target

fc708666be9cd952b23acaaa51c2ef9d920002d5b901d5213a430bc18db625bfN.exe
Size

738KB
Sample

250104-z7x52sxqgs
MD5

d5ff520190936df131cbdf3640950d10
SHA1

c4d020c45c708d6503bbeb6b723d94ef1801aa82
SHA256

fc708666be9cd952b23acaaa51c2ef9d920002d5b901d5213a430bc18db625bf
SHA512

ba243af338680c2628cfa37bbd70096c66bca29f6c5ea1feecb7c2b906eea65fc09e9c1fa029a1a92b373e36aba3f6219e99d2d8e84bb6bfeab5f7b8e294bba6
SSDEEP

12288:liZ/jUFF5X8dNNKyVnE9OnFoCUBskBIA4YGiRatmAYzeFjBjvrEH7op:wZ/jU+LKcE9OF9NkBt1k7ceF5rEH7op

Score

10^/10

floxif backdoor discovery trojan upx

Malware Config

Targets

- Target
  
  fc708666be9cd952b23acaaa51c2ef9d920002d5b901d5213a430bc18db625bfN.exe
- Size
  
  738KB
- MD5
  
  d5ff520190936df131cbdf3640950d10
- SHA1
  
  c4d020c45c708d6503bbeb6b723d94ef1801aa82
- SHA256
  
  fc708666be9cd952b23acaaa51c2ef9d920002d5b901d5213a430bc18db625bf
- SHA512
  
  ba243af338680c2628cfa37bbd70096c66bca29f6c5ea1feecb7c2b906eea65fc09e9c1fa029a1a92b373e36aba3f6219e99d2d8e84bb6bfeab5f7b8e294bba6
- SSDEEP
  
  12288:liZ/jUFF5X8dNNKyVnE9OnFoCUBskBIA4YGiRatmAYzeFjBjvrEH7op:wZ/jU+LKcE9OF9NkBt1k7ceF5rEH7op
Score

10^/10

floxif backdoor discovery trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Dialer.dll
- Size
  
  3KB
- MD5
  
  8286932178460462a328d2bae8c7b0a5
- SHA1
  
  8441135f3d92f48e41f359c8c249bc8129a1e79e
- SHA256
  
  05dd0895a332e490e697cdd0830b227836e852a83201fe893f3929271b63dd6c
- SHA512
  
  1b39d51250316b5ec11d05312fd47a2ff87e93562032cc249f9a69563741f6bd32ca995bf9da310380ee6a854a41a121e5122c4a3e9c36fac3b0ecb8d1cc4174
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  75e7351a0f836b8659e6f315683c29f7
- SHA1
  
  66b733d1c978d68cadc245e7efbfcae32807429d
- SHA256
  
  7ffc549e7f679a08c77fa230654b77cdffb3444296bb7c6b8b5769db374b61ee
- SHA512
  
  f03400798b07ccca5e12fa119a586ee9444deb0d2419aced24d93fd84a4702d66864a71b40a11b04b1dbe56e36481cd6a644aec0347bc82bc7375b27bc403fe4
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  21KB
- MD5
  
  2b342079303895c50af8040a91f30f71
- SHA1
  
  b11335e1cb8356d9c337cb89fe81d669a69de17e
- SHA256
  
  2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f
- SHA512
  
  550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47
- SSDEEP
  
  384:KOoVVefeWsI7rsIquPLNN546o0Ac9khYLMkIX0+Gzyekv:4VVaeE7wIqyJN5i
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  ca6a20e4e35d2abbc99de1c383356029
- SHA1
  
  48858707a4e2fe69688c77dbbf834c2a5d5c363a
- SHA256
  
  a6e32c90fb047e860cbe44355b573923d5950ddcf76ba7eedaf69f41d0dc3e21
- SHA512
  
  feb46e5d859b4e6c47209f7b184aebb08248ddd4ed26b2501e380238e90dec2ce3a285261256eb21db97585510c969fc261d3c9a1952153f5cdd572db38088c4
- SSDEEP
  
  192:/MBzn2/g5R+tQgBqUFGfNUsewLvZ3yi9uD4spERceMSFCnfnLgWhPKSsDEWF:/MBz24+gUUfJLrZ3y0y4sccuFCfLLR
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a78507ea1078cadaa8b2ec1a2e1d874f
- SHA1
  
  77fe20488444ebbaafc5b2c0743251a94edc3b8e
- SHA256
  
  93d1e681daebfd24ff9fab3952e8ae94eddbdfb3650937988c1fd8085991610e
- SHA512
  
  0399452c7305f23576d4175ec198ad8da8a530215e9304632b20bcb41a38fa0ba2c1c0b0b734b9f887851c92c7f2cf4cdfad403ace84e63318c0694402e1f270
- SSDEEP
  
  192:8trS5c+oKreH53n2fUC1lfeTf9OJCzD4/IVqh88GrgU6H:/jrd09O3/IcG8U6H
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  e301e0184786c5c75b4b34e4d04608eb
- SHA1
  
  02382247eeec365f3b47518efe0a8f3a896f28a3
- SHA256
  
  02869a0f0b3826af1c859e57541b38869c506fbbf15cc5ca28edbe18776aa3b5
- SHA512
  
  3dc744d2f92dc6fb13f9f431a51fdad39bbcf863f273d5f203c729111c120586e96ea0e79f5c5fe821d3f67ea34f4ab6abe88cdde84e9e09da92d1e7a109d982
- SSDEEP
  
  192:c7ABMfTa1iCY1SO8K4i7U3M08/8Z+Qt+5GQcm5XPe/t:c7uyTa1iCYLT7WS8nm9P5X21
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  d212f35e09d323d31b3e53c99e34855f
- SHA1
  
  af0769bd28110da9108dae89c271e3df86ee8629
- SHA256
  
  33e1b7930aa19878b1dd0184a5184a8f3f9043ed827aba3e54e34cd5888dfbd5
- SHA512
  
  684a3c70c87e3145a9ce10c585baaa681d5f3967056caf0f8d4ef2450791330637410b4d6ea6d2b9e576f5c28c8571c573900d0595d20658760f5155ee89e134
- SSDEEP
  
  96:psFzDFbUDemIOelnzrHAjK3Rk61K1heTkUVtM1Sl1WVvVLm:psaDemIPzb0gqZheThqw1WVvVL
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/w7tbp.dll
- Size
  
  2KB
- MD5
  
  9a3031cc4cef0dba236a28eecdf0afb5
- SHA1
  
  708a76aa56f77f1b0ebc62b023163c2e0426f3ac
- SHA256
  
  53bb519e3293164947ac7cbd7e612f637d77a7b863e3534ba1a7e39b350d3c00
- SHA512
  
  8fddde526e7d10d77e247ea80b273beae9dde1d4112806f1f5c3e6a409247d54d8a4445ab5bdd77025a434c3d1dcfdf480dac21abbdb13a308d5eb74517fab53
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/xml.dll
- Size
  
  118KB
- MD5
  
  42df1fbaa87567adf2b4050805a1a545
- SHA1
  
  b892a6efbb39b7144248e0c0d79e53da474a9373
- SHA256
  
  e900fcb9d598643eb0ee3e4005da925e73e70dbaa010edc4473e99ea0638b845
- SHA512
  
  4537d408e2f54d07b018907c787da6c7340f909a1789416de33d090055eda8918f338d8571bc3b438dd89e5e03e0ded70c86702666f12adb98523a91cbb1de1d
- SSDEEP
  
  1536:U2A8OSGjylgkara+70LICin9zgtg2LxowhtJu6MqSNicNEtIfF42q2KC:OzjLkarn7O+n9z2L6whFtGF42bK
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $TEMP/ChromePortableTemp/7za.exe
- Size
  
  796KB
- MD5
  
  90aac6489f6b226bf7dc1adabfdb1259
- SHA1
  
  c90c47b717b776922cdd09758d2b4212d9ae4911
- SHA256
  
  ba7f3627715614d113c1e1cd7dd9d47e3402a1e8a7404043e08bc14939364549
- SHA512
  
  befaa9b27dc11e226b00a651aa91cbfe1ec36127084d87d44b6cd8a5076e0a092a162059295d3fcd17abb6ea9adb3b703f3652ae558c2eef4e8932131397c12d
- SSDEEP
  
  24576:HWdp+y7/ya3yc7tfBA6rDUzfKrBxEATB:up+fa3rLA6s+/
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  ChromePortable.exe
- Size
  
  89KB
- MD5
  
  1e600ed4b1ace18ab92d607a3fefa3ae
- SHA1
  
  7c2286db473e00bdc3e60bb74377a478497dc321
- SHA256
  
  c3ae5472b9f985e07c5d1af541778fdfd6b1dd76574d353400266d708ad1d170
- SHA512
  
  3d155f55d359f55df1bfe60ed210a1ec8c2d02392f3ad615d679dca98bef03f446e087347b8877e97ce0902de7aa33f3c41f1c88585db7f4f39ab57780655438
- SSDEEP
  
  1536:wPzUmdx2gahvwPBW7rfoOcWCRK67FAnp3LBT5jl1oO2yxrcszoyRCWbquJmS:wPzUQ2gyYqrf5cRRK6qnp7B3CjiRsMCq
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  8614c450637267afacad1645e23ba24a
- SHA1
  
  e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
- SHA256
  
  0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
- SHA512
  
  af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  2ae993a2ffec0c137eb51c8832691bcb
- SHA1
  
  98e0b37b7c14890f8a599f35678af5e9435906e1
- SHA256
  
  681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59
- SHA512
  
  2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9
- SSDEEP
  
  192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  7ee14dff57fb6e6c644b318d16768f4c
- SHA1
  
  9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce
- SHA256
  
  53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7
- SHA512
  
  0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f
- SSDEEP
  
  96:qD5UDaGxZH52QhtZafDP9BTS9nPg83UniV/zRzGEl1DMl1zN6LmeYt4dO:W5UDaGxZH5T0j+9nl3BzG0IZ6LqN
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/nsisFirewall.dll
- Size
  
  8KB
- MD5
  
  69f2e8c6fd141e9e720b2c4c366a8154
- SHA1
  
  a6279d93a102b6d7608dced32a36ddcd3e51994c
- SHA256
  
  2e204ee4f1d12b4ca35c8205cea0cabe354f2e79a471863cfb76a7cee83cf107
- SHA512
  
  bf23a5f3ce98e6a1c04fe8ae6b6f385483ceed62470cd109017c97f37c23adbf0203bfb43d09b007c6925aeb5da9617f33bc5c478618f00cc91da83a48cacaf2
- SSDEEP
  
  96:KCQjg8aCpUcmloiwmXaYY8NVxIYn69TEdUc1ND0RrXQAcuAtoFrJxalMu2k:KCQPeip58NjMNWND0RrXYuAWkM
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoverytrojanupx

behavioral2

floxifbackdoordiscoverytrojanupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32