floxif | 0d98e73ccab4ee10cb1b06c63e6705712aa290cb4f2e232d46e97db7e97ba65e

General

Target

0d98e73ccab4ee10cb1b06c63e6705712aa290cb4f2e232d46e97db7e97ba65e
Size

298KB
Sample

250305-qdg3asyzbx
MD5

94a8ed1d77d2115abb0971c5b8e4df30
SHA1

9d10a24c046d18bc7755da15852edb2ea62494c1
SHA256

0d98e73ccab4ee10cb1b06c63e6705712aa290cb4f2e232d46e97db7e97ba65e
SHA512

4d1d01a2e883a14b67aa653a97a22a4f7e172faeffb41af641d440cd50affa2bf610a4e73c84ff712983defe218cdf27bb287b57089f022465599da5a9ad7b59
SSDEEP

6144:dXXL0gkZQQZLIeUAOb6ImJUNUUBV+UdvrEFp7hK8:dXXAPQqI/AKmCdBjvrEH7D

Score

10^/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  0d98e73ccab4ee10cb1b06c63e6705712aa290cb4f2e232d46e97db7e97ba65e
- Size
  
  298KB
- MD5
  
  94a8ed1d77d2115abb0971c5b8e4df30
- SHA1
  
  9d10a24c046d18bc7755da15852edb2ea62494c1
- SHA256
  
  0d98e73ccab4ee10cb1b06c63e6705712aa290cb4f2e232d46e97db7e97ba65e
- SHA512
  
  4d1d01a2e883a14b67aa653a97a22a4f7e172faeffb41af641d440cd50affa2bf610a4e73c84ff712983defe218cdf27bb287b57089f022465599da5a9ad7b59
- SSDEEP
  
  6144:dXXL0gkZQQZLIeUAOb6ImJUNUUBV+UdvrEFp7hK8:dXXAPQqI/AKmCdBjvrEH7D
Score

10^/10

floxif sality backdoor defense_evasion discovery trojan upx persistence privilege_escalation
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Modifies firewall policy service
  defense_evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  defense_evasion trojan
- Windows security bypass
  defense_evasion trojan
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2