floxif | 7bc9ea42a7c6dfa968d75090ccbf46bf98859f7e38a6370f3a73592403dc1466 | Triage

Submit
Reports

Overview

overview

Static

static

1

7bc9ea42a7...6N.exe

windows7-x64

7bc9ea42a7...6N.exe

windows10-2004-x64

Sharing

General

Target

7bc9ea42a7c6dfa968d75090ccbf46bf98859f7e38a6370f3a73592403dc1466N.exe
Size

2.1MB
Sample

250123-lqf9bawjfl
MD5

21430de3812d209f6d98008fbb46c620
SHA1

dcb01a51091e0f215d60f4fc4c40aea452b67274
SHA256

7bc9ea42a7c6dfa968d75090ccbf46bf98859f7e38a6370f3a73592403dc1466
SHA512

172eab0029b685858fcced31d57cbfe12e190e3190f0da3e5187ff201e06219cbfafc7f2709a43997fe3da26c79963515b73113348edf1561fc2fc56e75a730f
SSDEEP

49152:cVlvpIwwozsEbQfXvBIsyBjuv11f1jKwsRAVnB77:8hpRzsE0vJTCjut1qyVnh

Score

10^/10

floxif backdoor discovery persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

7bc9ea42a7c6dfa968d75090ccbf46bf98859f7e38a6370f3a73592403dc1466N.exe

Resource

win7-20240903-en

floxif backdoor discovery persistence trojan upx

windows7-x64

18 signatures

120 seconds

Behavioral task

behavioral2

Sample

7bc9ea42a7c6dfa968d75090ccbf46bf98859f7e38a6370f3a73592403dc1466N.exe

Resource

win10v2004-20241007-en

floxif backdoor discovery persistence trojan upx

windows10-2004-x64

19 signatures

120 seconds

Malware Config

Targets

- Target
  
  7bc9ea42a7c6dfa968d75090ccbf46bf98859f7e38a6370f3a73592403dc1466N.exe
- Size
  
  2.1MB
- MD5
  
  21430de3812d209f6d98008fbb46c620
- SHA1
  
  dcb01a51091e0f215d60f4fc4c40aea452b67274
- SHA256
  
  7bc9ea42a7c6dfa968d75090ccbf46bf98859f7e38a6370f3a73592403dc1466
- SHA512
  
  172eab0029b685858fcced31d57cbfe12e190e3190f0da3e5187ff201e06219cbfafc7f2709a43997fe3da26c79963515b73113348edf1561fc2fc56e75a730f
- SSDEEP
  
  49152:cVlvpIwwozsEbQfXvBIsyBjuv11f1jKwsRAVnB77:8hpRzsE0vJTCjut1qyVnh
Score

10^/10

floxif backdoor discovery persistence trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordiscoverypersistencetrojanupx

behavioral2

floxifbackdoordiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy