floxif | 5d0243cc8983c28ddce30c1070ff4b7c9ac9ebce44561f555a05213d7bf42bfe | Triage

Submit
Reports

Overview

overview

Static

static

1

5d0243cc89...fe.exe

windows7-x64

5d0243cc89...fe.exe

windows10-2004-x64

Sharing

General

Target

5d0243cc8983c28ddce30c1070ff4b7c9ac9ebce44561f555a05213d7bf42bfe
Size

1.6MB
Sample

250110-hptlgawldx
MD5

1e169c05dbd79b428b0e3c3bd8e7b730
SHA1

a42c708aa16a90d1a91263fc808c0499ae9a232f
SHA256

5d0243cc8983c28ddce30c1070ff4b7c9ac9ebce44561f555a05213d7bf42bfe
SHA512

37e6b60360f004b3a7c7d8817d4518154cb0c4c1009257e007865f8fc05d822ce298a16111ca60e1f06217a5a6c8e751181a7263e9b46b0eea03afd11348d7ec
SSDEEP

24576:RUolrU/JboMZlOglm2nNPYs/9Way5gCkIurDsD7eXGzLervxqA9vrEH78C:dl4/BvrFm2nhL/95yGDsD7SGzLezUn

Score

10^/10

floxif backdoor bootkit discovery persistence privilege_escalation trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

5d0243cc8983c28ddce30c1070ff4b7c9ac9ebce44561f555a05213d7bf42bfe.exe

Resource

win7-20240903-en

floxif backdoor bootkit discovery persistence privilege_escalation trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d0243cc8983c28ddce30c1070ff4b7c9ac9ebce44561f555a05213d7bf42bfe.exe

Resource

win10v2004-20241007-en

floxif backdoor bootkit discovery persistence trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  5d0243cc8983c28ddce30c1070ff4b7c9ac9ebce44561f555a05213d7bf42bfe
- Size
  
  1.6MB
- MD5
  
  1e169c05dbd79b428b0e3c3bd8e7b730
- SHA1
  
  a42c708aa16a90d1a91263fc808c0499ae9a232f
- SHA256
  
  5d0243cc8983c28ddce30c1070ff4b7c9ac9ebce44561f555a05213d7bf42bfe
- SHA512
  
  37e6b60360f004b3a7c7d8817d4518154cb0c4c1009257e007865f8fc05d822ce298a16111ca60e1f06217a5a6c8e751181a7263e9b46b0eea03afd11348d7ec
- SSDEEP
  
  24576:RUolrU/JboMZlOglm2nNPYs/9Way5gCkIurDsD7eXGzLervxqA9vrEH78C:dl4/BvrFm2nhL/95yGDsD7SGzLezUn
Score

10^/10

floxif backdoor bootkit discovery persistence privilege_escalation trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Pre-OS Boot

Bootkit

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoorbootkitdiscoverypersistenceprivilege_escalationtrojanupx

behavioral2

floxifbackdoorbootkitdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy