Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2025-01-31_63c72fab34d53a9f028a7c20a978ae4a_floxif_frostygoop_snatch

  • Size

    3.6MB

  • Sample

    250131-w5zdjswjfp

  • MD5

    63c72fab34d53a9f028a7c20a978ae4a

  • SHA1

    d66fe00ff6d88744ac6cb8e88402e8c9657128fe

  • SHA256

    69602320b8178e3347387560d1ef65f60b9000fc0257504eb942560bcb2a5a84

  • SHA512

    e0738b0fb3faa2623f139434e26dabcb51a3a92abcc79b73f61b0a8b979f164e0b2e6641f80f658481b5c4ad428b1460fb3f57b09a53f085abae46f153e60611

  • SSDEEP

    49152:VRs2G1IKjvQtRWme4s5LVc/fp18n5Igsxjq2iOIr+3r4ArUZQQ:zs2F4yEme4fOTwq2iOLkQmZ

Malware Config

Targets

    • Target

      2025-01-31_63c72fab34d53a9f028a7c20a978ae4a_floxif_frostygoop_snatch

    • Size

      3.6MB

    • MD5

      63c72fab34d53a9f028a7c20a978ae4a

    • SHA1

      d66fe00ff6d88744ac6cb8e88402e8c9657128fe

    • SHA256

      69602320b8178e3347387560d1ef65f60b9000fc0257504eb942560bcb2a5a84

    • SHA512

      e0738b0fb3faa2623f139434e26dabcb51a3a92abcc79b73f61b0a8b979f164e0b2e6641f80f658481b5c4ad428b1460fb3f57b09a53f085abae46f153e60611

    • SSDEEP

      49152:VRs2G1IKjvQtRWme4s5LVc/fp18n5Igsxjq2iOIr+3r4ArUZQQ:zs2F4yEme4fOTwq2iOLkQmZ

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks