General

  • Target

    2025-01-20_365f86639d6bdbf6efb50b3ecf368e7c_floxif_mafia

  • Size

    2.5MB

  • Sample

    250120-rr6s9atmer

  • MD5

    365f86639d6bdbf6efb50b3ecf368e7c

  • SHA1

    02c7c2614a777cfba8833b362da89994ff52685c

  • SHA256

    d1a639a756066587956303f2a708ec85de73f11d0bd7dccb3cf57c8b740f8806

  • SHA512

    09d65e974571fae40f4c9c158b6bad331188d8107ce0fd1d9bc6b2ca05ede8e0c3d166d49ee19722a03bf6d4cb912dddd0a5e2adfe3e6bedaf4b617cb772f9f3

  • SSDEEP

    49152:tuInKqofs2hPd2l177BTK2VbDsar1YDjY:tjKfs2hPIl1/X

Malware Config

Targets

    • Target

      2025-01-20_365f86639d6bdbf6efb50b3ecf368e7c_floxif_mafia

    • Size

      2.5MB

    • MD5

      365f86639d6bdbf6efb50b3ecf368e7c

    • SHA1

      02c7c2614a777cfba8833b362da89994ff52685c

    • SHA256

      d1a639a756066587956303f2a708ec85de73f11d0bd7dccb3cf57c8b740f8806

    • SHA512

      09d65e974571fae40f4c9c158b6bad331188d8107ce0fd1d9bc6b2ca05ede8e0c3d166d49ee19722a03bf6d4cb912dddd0a5e2adfe3e6bedaf4b617cb772f9f3

    • SSDEEP

      49152:tuInKqofs2hPd2l177BTK2VbDsar1YDjY:tjKfs2hPIl1/X

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks