Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

2025-01-05...ia.exe

windows7-x64

10

2025-01-05...ia.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-05_0ec0083833f95997d7121ba031673156_floxif_mafia

  • Size

    2.4MB

  • Sample

    250105-v7vbya1kft

  • MD5

    0ec0083833f95997d7121ba031673156

  • SHA1

    03e0bfa0f77065bc4cbc1c4c7dd03dd42ed5becf

  • SHA256

    dce770e8218945b7790443d80ef86f988abb3a85d994be1719ec4fd5648e2d14

  • SHA512

    0487eebe119d84d657c694d51abe9790bdb140c6804a36884cecd1c2f6e067792ad64dffb51fe7de21a62d4e4ce6ece535fc9e22ed08a0ae3c9983ebcfd71bb3

  • SSDEEP

    49152:2zuE7LqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFW31ql:bE7OrlyutLxC3sEwwM3Ul

Score
10/10
floxifbackdoorbootkitdiscoverypersistenceprivilege_escalationtrojanupx

Malware Config

Targets

    • Target

      2025-01-05_0ec0083833f95997d7121ba031673156_floxif_mafia

    • Size

      2.4MB

    • MD5

      0ec0083833f95997d7121ba031673156

    • SHA1

      03e0bfa0f77065bc4cbc1c4c7dd03dd42ed5becf

    • SHA256

      dce770e8218945b7790443d80ef86f988abb3a85d994be1719ec4fd5648e2d14

    • SHA512

      0487eebe119d84d657c694d51abe9790bdb140c6804a36884cecd1c2f6e067792ad64dffb51fe7de21a62d4e4ce6ece535fc9e22ed08a0ae3c9983ebcfd71bb3

    • SSDEEP

      49152:2zuE7LqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFW31ql:bE7OrlyutLxC3sEwwM3Ul

    Score
    10/10
    floxifbackdoorbootkitdiscoverypersistencetrojanupxprivilege_escalation

    • Floxif family

      floxif

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

      backdoortrojanfloxif

    • Detects Floxif payload

      backdoor

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

      persistenceprivilege_escalation

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Network Service Discovery

      Attempt to gather information on host's network.

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.