Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.ve3rl.co...

windows10-2004-x64

10

Resubmissions

10/01/2025, 09:55

250110-lx64ba1lcy 6

10/01/2025, 09:46

250110-lr2xeatjek 10

10/01/2025, 09:41

250110-ln5h5asrfm 6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.ve3rl.com/

  • Sample

    250110-lr2xeatjek

Score
10/10
floxifbackdoorbootkitdiscoverypersistencetrojanupx

Malware Config

Targets

    • Target

      https://www.ve3rl.com/

    Score
    10/10
    floxifbackdoorbootkitdiscoverypersistencetrojanupx

    • Floxif family

      floxif

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

      backdoortrojanfloxif

    • Detects Floxif payload

      backdoor

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks