General
-
Target
2025-02-18_562fee75168440d69f02418235a1ad33_floxif_mafia
-
Size
1.8MB
-
Sample
250218-kfrrmaypgx
-
MD5
562fee75168440d69f02418235a1ad33
-
SHA1
38ec0e4aea184e5d799ad147b8ea025649688aad
-
SHA256
7264469a3aea112fc7642310c58e31c96a656f08abd1115b864a9d519a52d28c
-
SHA512
85bc71a573686a6b5197109521cb04a4506d60ba9eebb2f23f0587edd5bfa2c1f43a1ad437a81c31c24b2e28dd32a3f78fb1095e60464208990d7b6d61c86d89
-
SSDEEP
49152:kpEbew1gkZV2HXsMnmjEREseBSsxHnfXsrHYiKYiliv/:JaYtYj
Static task
static1
Behavioral task
behavioral1
Sample
2025-02-18_562fee75168440d69f02418235a1ad33_floxif_mafia.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
2025-02-18_562fee75168440d69f02418235a1ad33_floxif_mafia
-
Floxif family
-
Detects Floxif payload
-
Drops file in Drivers directory
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-