General

  • Target

    2025-01-05_bf7cf323c49635841fd66afc0cb6064f_floxif_icedid_rhadamanthys

  • Size

    1.6MB

  • Sample

    250105-pkx7estpcs

  • MD5

    bf7cf323c49635841fd66afc0cb6064f

  • SHA1

    95da0e5607ce656f354ce15a67563010f13924ae

  • SHA256

    30672d8c9620ce5a1ca52d690a542e09d9a089333f2eec010f21cf059631d3d5

  • SHA512

    6173ee5f9b4f0eb016bca1d1482a2450f122d937d4839fc8041774d27ce5013ecd098f31c656421bdbaa0fdc4dcf1b8ee03f27301207bc871cb361083bdc1573

  • SSDEEP

    24576:6ck627dU4KY5GABkuwPKzh0Em1xmvdmc5C65Bwbg6a5fQE4UJ0IiGmOjzbdiNrEH:6Bk5Whtm1iYMpPcG0Ii0b

Malware Config

Extracted

Family

lumma

C2


Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks