General
-
Target
2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid
-
Size
22.2MB
-
Sample
250123-qs1sysspgj
-
MD5
ef5b79d11d56ac638acea43040ba6e2e
-
SHA1
be50d85741ddf0c0b28b55e340b330824ec341e8
-
SHA256
a3423bf9cd6d13981e3efb81bd2d4861b2606d1bfcca8472e1ade9a8f87bd905
-
SHA512
6381b6c4ef8de0fc48c564c9e02f6df1d562434ad3ddf86fa4a456b9ca49847f3b8c3f14caecfc88aa2a340df055e6b7a10ca1f6db22ff2b67764192df283052
-
SSDEEP
393216:6XePsQXKIQ2A6p/jJicojuCXiv3vMBnz4CFxDqg9u4PS6n4CEJXE0wEKD3/LR:6XePsQXKx6liUCXk3EmCFpq4PznwXDwB
Malware Config
Targets
-
-
Target
2025-01-23_ef5b79d11d56ac638acea43040ba6e2e_floxif_icedid
-
Size
22.2MB
-
MD5
ef5b79d11d56ac638acea43040ba6e2e
-
SHA1
be50d85741ddf0c0b28b55e340b330824ec341e8
-
SHA256
a3423bf9cd6d13981e3efb81bd2d4861b2606d1bfcca8472e1ade9a8f87bd905
-
SHA512
6381b6c4ef8de0fc48c564c9e02f6df1d562434ad3ddf86fa4a456b9ca49847f3b8c3f14caecfc88aa2a340df055e6b7a10ca1f6db22ff2b67764192df283052
-
SSDEEP
393216:6XePsQXKIQ2A6p/jJicojuCXiv3vMBnz4CFxDqg9u4PS6n4CEJXE0wEKD3/LR:6XePsQXKx6liUCXk3EmCFpq4PznwXDwB
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-