General

  • Target

    2025-01-20_ecbc4163d214d1e8dadb16e308c98af8_floxif_hijackloader_mafia

  • Size

    2.7MB

  • Sample

    250120-lnj77atkaj

  • MD5

    ecbc4163d214d1e8dadb16e308c98af8

  • SHA1

    f3e6447e21036cf076852917d1859f9968b6e435

  • SHA256

    39b3c920a050608d81d404f5150835d8b6a954d8b61997fee152b387c8465aa9

  • SHA512

    74381ef9f210f2521731997608d1b483eb945580eda0648a7df45e65c96ceddf4fe8765d674a7b75d778c93aa7e2986355d295128d43cb50c9570ee5e872f960

  • SSDEEP

    49152:2Pf6VdMQTNRbg20shkNw//7vgseqziRS1UsrzoeNFZer5c71y9Bx4M3W/KMZKWKu:2q1Rz0ssw//7vgVqziRS1UsrzppA5y1/

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs (MITRE ATT&CK T1546.010)

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. DLLs listed in the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (and under the Wow6432Node view for 32-bit processes) are loaded by user32.dll into every process that maps it, so one registry write yields code execution in most user-mode processes. The entries only take effect when LoadAppInit_DLLs is 1, and on Windows 8 and later the mechanism is disabled while Secure Boot is enabled; check both before concluding that this persistence is live on a host.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect, a commercial packer/protector; this signature matches the 1.3x to 1.4x DLL variants. As with other protectors, the on-disk import table and code are not the real ones, so static analysis should be done on a dump taken after the module has unpacked itself in memory.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. Stock UPX leaves the section names UPX0/UPX1 and unpacks with upx -d; a modified build often renames sections or alters the header so the stock tool refuses it, in which case the payload has to be dumped from memory after the stub has finished unpacking.

MITRE ATT&CK Enterprise v15
