General
-
Target
2025-02-07_67989425164b5861205c235a99bcc494_floxif_mafia
-
Size
2.5MB
-
Sample
250207-hgwqvssmhv
-
MD5
67989425164b5861205c235a99bcc494
-
SHA1
3e558157b4a9ef39d2203d0b32a54a3f11b6513d
-
SHA256
ce1ea1a5efe6b283f50ea492c3dd2fdde26239018c87e1d3f103bb479df0d896
-
SHA512
f5245a9861801ae4033d304268fc03bdacaa2d85927ddefcb8caa57cf06c5c5546651270be2c9651e52199e1b1694e9dc2a7a6eb7822038f2933c95a6bba3f7a
-
SSDEEP
49152:tuI4KEofs2hPd2l177BTK2VbDsar1YDjD:tjhfs2hPIl1/g
Malware Config
Targets
-
-
Target
2025-02-07_67989425164b5861205c235a99bcc494_floxif_mafia
-
Size
2.5MB
-
MD5
67989425164b5861205c235a99bcc494
-
SHA1
3e558157b4a9ef39d2203d0b32a54a3f11b6513d
-
SHA256
ce1ea1a5efe6b283f50ea492c3dd2fdde26239018c87e1d3f103bb479df0d896
-
SHA512
f5245a9861801ae4033d304268fc03bdacaa2d85927ddefcb8caa57cf06c5c5546651270be2c9651e52199e1b1694e9dc2a7a6eb7822038f2933c95a6bba3f7a
-
SSDEEP
49152:tuI4KEofs2hPd2l177BTK2VbDsar1YDjD:tjhfs2hPIl1/g
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-