General

  • Target

    2025-01-25_9840b1e7479a5b8363936c279a1e84ad_floxif_mafia

  • Size

    239KB

  • Sample

    250125-xgzvvaxqbl

  • MD5

    9840b1e7479a5b8363936c279a1e84ad

  • SHA1

    1b21b6ccb3c98736c563a4425cff04baabb2bd59

  • SHA256

    557a5015c1d2bd11e1aa70399b3711ebb73347a511cbe202ea4ffb398fe7b448

  • SHA512

    c6a31754db2b911cc7f57d5daf75429aeea94ced9e19e3a3a5c5d5635fa7287223b73f725a21956572d2c696b0c3fb637466342ca49a002fdaa8e77e8596a37b

  • SSDEEP

    6144:ObEUG4CdDMjfSZlNn/IcpGnzfBV+UdvrEFp7hKE7If:OfmdDMj6nNn/ppOzfBjvrEH7n7If

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect packer software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
