General
-
Target
2025-02-04_d8ba685da5c86c416ad02c50528d5c5a_floxif_frostygoop_snatch
-
Size
3.6MB
-
Sample
250204-3lsvzsxrhz
-
MD5
d8ba685da5c86c416ad02c50528d5c5a
-
SHA1
eddf8400d6c9485983ddfdafb44337d1c93df6b4
-
SHA256
ea7d518d96ba0c94731dd9199a2ea758e18a27a0ae464fb71dea38bb527e9e47
-
SHA512
db44f6262e13e555ad9af88f0c8500b43d1a4b438fffb028f81c1a140c207e383562497f6a7a0f92dc5c8c17fc286ca48d6c5088d9df4a8966f6d1c620f14dba
-
SSDEEP
49152:VRs2E1IKqvQtRWme4s5LVc/fp18n5Igsxjq2iOIr+3r4ArUZC:zs2bpyEme4fOTwq2iOLkQmC
Malware Config
Targets
-
-
Target
2025-02-04_d8ba685da5c86c416ad02c50528d5c5a_floxif_frostygoop_snatch
-
Size
3.6MB
-
MD5
d8ba685da5c86c416ad02c50528d5c5a
-
SHA1
eddf8400d6c9485983ddfdafb44337d1c93df6b4
-
SHA256
ea7d518d96ba0c94731dd9199a2ea758e18a27a0ae464fb71dea38bb527e9e47
-
SHA512
db44f6262e13e555ad9af88f0c8500b43d1a4b438fffb028f81c1a140c207e383562497f6a7a0f92dc5c8c17fc286ca48d6c5088d9df4a8966f6d1c620f14dba
-
SSDEEP
49152:VRs2E1IKqvQtRWme4s5LVc/fp18n5Igsxjq2iOIr+3r4ArUZC:zs2bpyEme4fOTwq2iOLkQmC
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-