General
-
Target
2025-01-09_235497d6679683d45d3bc35999d37f5e_floxif_icedid
-
Size
2.6MB
-
Sample
250109-v25kqaxpfm
-
MD5
235497d6679683d45d3bc35999d37f5e
-
SHA1
ea7fce108c9ef2b8f23f0cc374234e0aa612bf2c
-
SHA256
7927a961eb4821bb0870b7765602c25c7121717bf5f99d79479822b67bf1fa64
-
SHA512
1751459a0858ec66eeb7f4b92aa8a58f69a2b78ad802472d5aec9b59f1ecb08e6662a6d6b26348e7f187ba6584a1e0a11d66e0d165744980daf382843b35cd04
-
SSDEEP
24576:RpqzhKwykVFLvty85U+PzY0Ff5lAVElV7nTYSlLGaqln0d6PSdTjo8ufJa/zfzk3:RpAhDFy+zWOpLvqln0gQTWfJa/jzkjko
Static task
static1
Behavioral task
behavioral1
Sample
2025-01-09_235497d6679683d45d3bc35999d37f5e_floxif_icedid.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2025-01-09_235497d6679683d45d3bc35999d37f5e_floxif_icedid.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2025-01-09_235497d6679683d45d3bc35999d37f5e_floxif_icedid
-
Floxif family
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-