floxif | 56517e342716102569cef1ab56cc5f63827a980e6802f5ba5741a65c73356afe | Triage

Submit
Reports

Overview

overview

Static

static

5

56517e3427...fe.exe

windows7-x64

56517e3427...fe.exe

windows10-2004-x64

Resubmissions

10/01/2025, 00:49

250110-a6nsjsykfm 10

10/01/2025, 00:44

250110-a3smbsyjgm 10

Sharing

General

Target

56517e342716102569cef1ab56cc5f63827a980e6802f5ba5741a65c73356afe
Size

898KB
Sample

250110-a3smbsyjgm
MD5

937986e8592a7b7bd67f103dfb7b7cbc
SHA1

72c12d3783fcbef037ddf9f750a9295c4fb6e87a
SHA256

56517e342716102569cef1ab56cc5f63827a980e6802f5ba5741a65c73356afe
SHA512

48ade4686d1858889362acb6d9dba3212f00666845bc5858ff32d03356ecd094255e032a8298c6446b8b95a9c205eb3c9f747f3e9ac23c5e07dc797550d17209
SSDEEP

24576:VHWkBZu9EYC1fC0gpBm17F7oTMO9Fg2vGrEH7v:VpLAfc48FGIOnT

Score

10^/10

floxif backdoor discovery persistence privilege_escalation trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

56517e342716102569cef1ab56cc5f63827a980e6802f5ba5741a65c73356afe.exe

Resource

win7-20241010-en

floxif backdoor discovery persistence privilege_escalation trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

56517e342716102569cef1ab56cc5f63827a980e6802f5ba5741a65c73356afe.exe

Resource

win10v2004-20241007-en

floxif backdoor discovery trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  56517e342716102569cef1ab56cc5f63827a980e6802f5ba5741a65c73356afe
- Size
  
  898KB
- MD5
  
  937986e8592a7b7bd67f103dfb7b7cbc
- SHA1
  
  72c12d3783fcbef037ddf9f750a9295c4fb6e87a
- SHA256
  
  56517e342716102569cef1ab56cc5f63827a980e6802f5ba5741a65c73356afe
- SHA512
  
  48ade4686d1858889362acb6d9dba3212f00666845bc5858ff32d03356ecd094255e032a8298c6446b8b95a9c205eb3c9f747f3e9ac23c5e07dc797550d17209
- SSDEEP
  
  24576:VHWkBZu9EYC1fC0gpBm17F7oTMO9Fg2vGrEH7v:VpLAfc48FGIOnT
Score

10^/10

floxif backdoor discovery persistence privilege_escalation trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

behavioral2

floxifbackdoordiscoverytrojanupx

© 2018-2025

Terms | Privacy