General

  • Target

    2025-01-24_f1ab5e4ef33da0b1cf66a9e6493ad90d_floxif_mafia_qakbot_revil

  • Size

    4.6MB

  • Sample

    250124-3dmc8svqgj

  • MD5

    f1ab5e4ef33da0b1cf66a9e6493ad90d

  • SHA1

    47b845ddf73d2dc4c7b145e9467f8074105eefc7

  • SHA256

    9c18887480845ab15764d0387ec4ee8b221fdded241baeccd64888194a46c20e

  • SHA512

    8395187bb5ae1351f4eeea8e128dc6914223541099412b26cf6ec80fea032b28a5d6f8aaf3aeb345f3797bc0335f8ea3c63a2593f2b540fe191f72d647c53845

  • SSDEEP

    98304:DcxGy2klzIyeuRxp4qaedgNtAC72B/XW02c9GVe:fxklzIyeuRxp4qaedgXAC7HNcEVe

Malware Config

Targets

    • Target

      2025-01-24_f1ab5e4ef33da0b1cf66a9e6493ad90d_floxif_mafia_qakbot_revil

    • Size

      4.6MB

    • MD5

      f1ab5e4ef33da0b1cf66a9e6493ad90d

    • SHA1

      47b845ddf73d2dc4c7b145e9467f8074105eefc7

    • SHA256

      9c18887480845ab15764d0387ec4ee8b221fdded241baeccd64888194a46c20e

    • SHA512

      8395187bb5ae1351f4eeea8e128dc6914223541099412b26cf6ec80fea032b28a5d6f8aaf3aeb345f3797bc0335f8ea3c63a2593f2b540fe191f72d647c53845

    • SSDEEP

      98304:DcxGy2klzIyeuRxp4qaedgNtAC72B/XW02c9GVe:fxklzIyeuRxp4qaedgXAC7HNcEVe

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect software protector (versions 1.3x to 1.4x).

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or with a modified UPX build.
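
The AppInit DLLs signature above flags the persistence mechanism; the check an analyst wants next is whether the registry on a given host has it armed. The script below is an added example, not part of this report or of the sandbox's own signature code. It evaluates the three values that govern AppInit loading (LoadAppInit_DLLs, AppInit_DLLs, RequireSignedAppInit_DLLs) in both the 64-bit and WoW64 registry views, and reads them live only when run on Windows. The DLL paths in the constructed samples are invented for illustration and do not come from this sample's report.

```python
import sys

# Registry locations that control AppInit DLL loading: the native 64-bit view
# and the Wow6432Node view consulted by 32-bit processes on 64-bit Windows.
APPINIT_KEYS = (
    r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)


def parse_appinit_dlls(value):
    """Split an AppInit_DLLs string into DLL paths.

    The value is a space- or comma-separated list; paths containing spaces
    must already be written as 8.3 short names, so no quote handling is needed.
    """
    if not value:
        return []
    return value.replace(",", " ").split()


def assess_appinit(view, load_flag, dlls_value, require_signed):
    """Decide whether AppInit loading is active in one registry view."""
    dlls = parse_appinit_dlls(dlls_value)
    active = bool(load_flag) and bool(dlls)
    findings = []
    if active:
        findings.append(
            f"{view}: LoadAppInit_DLLs=1 with {len(dlls)} DLL(s); "
            "every process that loads user32.dll will load them"
        )
        if not require_signed:
            findings.append(f"{view}: RequireSignedAppInit_DLLs=0, unsigned DLLs are accepted")
    elif dlls:
        findings.append(f"{view}: AppInit_DLLs populated but LoadAppInit_DLLs=0 (staged, not active)")
    return {"view": view, "active": active, "dlls": dlls, "findings": findings}


def read_live_appinit():
    """On Windows, read both registry views with winreg; elsewhere return []."""
    try:
        import winreg
    except ImportError:
        return []
    results = []
    for key_path in APPINIT_KEYS:
        try:
            # KEY_WOW64_64KEY pins the 64-bit view so a 32-bit interpreter is
            # not silently redirected and both hives are read as named above.
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path, 0,
                                winreg.KEY_READ | winreg.KEY_WOW64_64KEY) as key:
                def get(name, default):
                    try:
                        return winreg.QueryValueEx(key, name)[0]
                    except FileNotFoundError:
                        return default
                results.append(assess_appinit(
                    key_path,
                    get("LoadAppInit_DLLs", 0),
                    get("AppInit_DLLs", ""),
                    get("RequireSignedAppInit_DLLs", 0),
                ))
        except FileNotFoundError:
            continue
    return results


# Constructed sample values (invented paths, not taken from this report):
# an armed AppInit entry next to a default, empty configuration.
SAMPLE_ARMED = ("64-bit", 1, r"C:\Windows\System32\example_hook.dll, C:\Temp\second.dll", 0)
SAMPLE_DEFAULT = ("64-bit", 1, "", 1)

if __name__ == "__main__":
    for sample in (SAMPLE_ARMED, SAMPLE_DEFAULT):
        print(assess_appinit(*sample))
    for result in read_live_appinit():
        print(result)
```

On Windows 8 and later with Secure Boot enabled the AppInit DLLs infrastructure is disabled regardless of these values, so an "active" result there means a staged entry rather than a working hook; on Windows 7, the platform this report was run on, it loads into every process that maps user32.dll.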

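The UPX signature above is a static match on the packed file. As an added example (not the sandbox's rule and not code from this report), the parser below walks a PE section table and reports the indicators such a rule typically keys on: the UPX0/UPX1 section names, the "UPX!" magic the stub embeds, and the layout that survives a renamed build, namely a first section that occupies no bytes on disk but is mapped writable and executable. The PE images it runs on are constructed in the script, with only the headers the parser needs.

```python
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def pe_sections(data):
    """Return [(name, virtual_size, raw_size, characteristics), ...] for a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(n_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, rawsize = struct.unpack_from("<8sIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name.rstrip(b"\x00"), vsize, rawsize, chars))
    return sections


def upx_indicators(data):
    """Collect UPX-style packing indicators; an empty list means nothing matched."""
    indicators = []
    sections = pe_sections(data)
    for name, _vsize, _rawsize, _chars in sections:
        if name in UPX_SECTION_NAMES:
            indicators.append(f"section name {name.decode()}")
    # UPX leaves its first section (UPX0) empty on disk and marks it W+X so the
    # stub can unpack into it; a build with renamed sections keeps this shape.
    if sections:
        _name, vsize, rawsize, chars = sections[0]
        if rawsize == 0 and vsize > 0 and chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            indicators.append("first section is empty on disk but W+X in memory")
    if b"UPX!" in data:
        indicators.append("UPX! magic present")
    return indicators


def is_upx_packed(data):
    return bool(upx_indicators(data))


def build_fake_pe(sections):
    """Constructed stand-in for a PE file: just the headers pe_sections() reads."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    table = b""
    for name, vsize, rawsize, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, chars)
    return dos + b"PE\x00\x00" + coff + opt + table


# Constructed images (not derived from the sample in this report).
UPX_LIKE = build_fake_pe([(b"UPX0", 0x20000, 0, 0xE0000080),
                          (b"UPX1", 0x9000, 0x8E00, 0xE0000040),
                          (b".rsrc", 0x1000, 0x200, 0xC0000040)])
RENAMED_UPX = build_fake_pe([(b".text", 0x20000, 0, 0xE0000080),
                             (b".data", 0x9000, 0x8E00, 0xE0000040),
                             (b".rsrc", 0x1000, 0x200, 0xC0000040)])
CLEAN = build_fake_pe([(b".text", 0x5000, 0x5000, 0x60000020),
                       (b".data", 0x1000, 0x400, 0xC0000040),
                       (b".rsrc", 0x1000, 0x200, 0x40000040)])

if __name__ == "__main__":
    for label, image in (("upx", UPX_LIKE), ("renamed", RENAMED_UPX), ("clean", CLEAN)):
        print(label, upx_indicators(image))
```

To run it against a real file, pass `open(path, "rb").read()` to `upx_indicators`; name and magic matches are the cheap checks, and the empty W+X first section is what still fires on the "modified UPX" builds the signature mentions.
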
MITRE ATT&CK Enterprise v15

Tasks