General

  • Target

    2025-01-30_e0f21ff0785266b2a97387a6a215d702_bkransomware_floxif

  • Size

    3.4MB

  • Sample

    250130-c4117swmft

  • MD5

    e0f21ff0785266b2a97387a6a215d702

  • SHA1

    fea5d73c59047f7163f0f8ec144b36c39fafb64e

  • SHA256

    f0d5c7438682a8c57a9863c274bfafd5396ec458e6654daf465bac6c56219204

  • SHA512

    7d9c725799887baba49f74251ee205c3014d94488166c012161ca45d9852cc7b5e2f9f417a08f3d7727b35585ea7176b6e59b7a335862b338123b088c4db7b94

  • SSDEEP

    98304:T8n/l3KWOxDpha6HR4X9wB7D4aJFFLOAkGkzdnEVomFHKnPwO:Teuc9wB7UaPFLOyomFHKnPH

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks