General

  • Target

    2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif

  • Size

    26.9MB

  • Sample

    250110-kvbc7a1ran

  • MD5

    8d7d56e290266a313874b9f9efca4573

  • SHA1

    4bf0343454ed6b091cd125a1054eed8e542eab79

  • SHA256

    68f37e5e4fa62f7b37e2c0d3397a8eaf010b1bf99dc955166c067cf0efebd7a5

  • SHA512

    e43956e5fcb4c4b317dbe4b260f8691682358c0b5c3dd2903549e19dd54f3413b7bcb3e44a9b6d92425d769f78f8d496c7a425914a5275aba4a93a6c1df34838

  • SSDEEP

    786432:JR+SCntaUfOGhTwRoZJOH+vm2vgYCiY5SIiRf:JR+LnNOG5Jn6YCi79f

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks