floxif | a6a4835fee3a259c0b95836071e65652544318df1ebbbb52821b57a532554e2b | Triage

Sharing

General

Target

a6a4835fee3a259c0b95836071e65652544318df1ebbbb52821b57a532554e2b
Size

158KB
Sample

250109-ggcgjs1jfz
MD5

574b16879fed8c0a2acad5692be596c7
SHA1

64fabb08dfac97665a6d6e89c6b951ec3d966e3e
SHA256

a6a4835fee3a259c0b95836071e65652544318df1ebbbb52821b57a532554e2b
SHA512

619ff6dbaf2eb79d7d2f7ef962d8b6dc9175eb935b29cef8c16715c9a5cb9d2f5d9d0ccf4c16e090001c7ed18bfb35222730f6b9e46dc12a348cb1f018d978ff
SSDEEP

3072:qQICWTXJnGzQCI1oYSxFU4p/MNc1q2lQBV+UdE+rECWp7hKUx76PO:qQihcTphwBV+UdvrEFp7hKUx2m

Score

10^/10

floxif backdoor discovery persistence privilege_escalation trojan upx

Malware Config

Targets

- Target
  
  a6a4835fee3a259c0b95836071e65652544318df1ebbbb52821b57a532554e2b
- Size
  
  158KB
- MD5
  
  574b16879fed8c0a2acad5692be596c7
- SHA1
  
  64fabb08dfac97665a6d6e89c6b951ec3d966e3e
- SHA256
  
  a6a4835fee3a259c0b95836071e65652544318df1ebbbb52821b57a532554e2b
- SHA512
  
  619ff6dbaf2eb79d7d2f7ef962d8b6dc9175eb935b29cef8c16715c9a5cb9d2f5d9d0ccf4c16e090001c7ed18bfb35222730f6b9e46dc12a348cb1f018d978ff
- SSDEEP
  
  3072:qQICWTXJnGzQCI1oYSxFU4p/MNc1q2lQBV+UdE+rECWp7hKUx76PO:qQihcTphwBV+UdvrEFp7hKUx2m
Score

10^/10

floxif backdoor discovery trojan upx persistence privilege_escalation
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  75e7351a0f836b8659e6f315683c29f7
- SHA1
  
  66b733d1c978d68cadc245e7efbfcae32807429d
- SHA256
  
  7ffc549e7f679a08c77fa230654b77cdffb3444296bb7c6b8b5769db374b61ee
- SHA512
  
  f03400798b07ccca5e12fa119a586ee9444deb0d2419aced24d93fd84a4702d66864a71b40a11b04b1dbe56e36481cd6a644aec0347bc82bc7375b27bc403fe4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Registry.dll
- Size
  
  24KB
- MD5
  
  2b7007ed0262ca02ef69d8990815cbeb
- SHA1
  
  2eabe4f755213666dbbbde024a5235ddde02b47f
- SHA256
  
  0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
- SHA512
  
  aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca
- SSDEEP
  
  384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a78507ea1078cadaa8b2ec1a2e1d874f
- SHA1
  
  77fe20488444ebbaafc5b2c0743251a94edc3b8e
- SHA256
  
  93d1e681daebfd24ff9fab3952e8ae94eddbdfb3650937988c1fd8085991610e
- SHA512
  
  0399452c7305f23576d4175ec198ad8da8a530215e9304632b20bcb41a38fa0ba2c1c0b0b734b9f887851c92c7f2cf4cdfad403ace84e63318c0694402e1f270
- SSDEEP
  
  192:8trS5c+oKreH53n2fUC1lfeTf9OJCzD4/IVqh88GrgU6H:/jrd09O3/IcG8U6H
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  7ee14dff57fb6e6c644b318d16768f4c
- SHA1
  
  9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce
- SHA256
  
  53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7
- SHA512
  
  0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f
- SSDEEP
  
  96:qD5UDaGxZH52QhtZafDP9BTS9nPg83UniV/zRzGEl1DMl1zN6LmeYt4dO:W5UDaGxZH5T0j+9nl3BzG0IZ6LqN
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/textreplace.dll
- Size
  
  5KB
- MD5
  
  72d1177bad86f4df8eaee2a8afe50e6f
- SHA1
  
  c36019dfa2ff5c90c9da31c89dfcda08f93df68d
- SHA256
  
  c058f4439617bdb2019c90abd9920070a23f751b9349051d0744280cd5d9c5d7
- SHA512
  
  e0e764fcafa833f94ad2d5ae2a407f3e35bd27efa078625d5a2c9372ea28d7889c4b339e457d6fd7c3c90475b2d1603142a8c46a23f59b5784478860b06ee1b3
- SSDEEP
  
  96:RHbaG527tDIdcuPYyKV20sWt5yzASW3zRvDOfGq:RHba5JCcmgV20sqhZ2
Score

3^/10

discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoverytrojanupx

behavioral2

floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12