Extracted

• • Target

    2025-01-05_bf7cf323c49635841fd66afc0cb6064f_floxif_icedid_rhadamanthys

  • Size

    1.6MB

  • MD5

    bf7cf323c49635841fd66afc0cb6064f

  • SHA1

    95da0e5607ce656f354ce15a67563010f13924ae

  • SHA256

    30672d8c9620ce5a1ca52d690a542e09d9a089333f2eec010f21cf059631d3d5

  • SHA512

    6173ee5f9b4f0eb016bca1d1482a2450f122d937d4839fc8041774d27ce5013ecd098f31c656421bdbaa0fdc4dcf1b8ee03f27301207bc871cb361083bdc1573

  • SSDEEP

    24576:6ck627dU4KY5GABkuwPKzh0Em1xmvdmc5C65Bwbg6a5fQE4UJ0IiGmOjzbdiNrEH:6Bk5Whtm1iYMpPcG0Ii0b

  Score

  10^/10

  floxiflummabackdoordiscoverypersistenceprivilege_escalationstealertrojanupx

  • Floxif family

    floxif

  • Floxif, Floodfix

    Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    backdoortrojanfloxif

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Detects Floxif payload

    backdoor

  • Event Triggered Execution: AppInit DLLs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2