floxif | 33ca6aee42bacf329a112eb334fa98244815bf85f8559543730f1cf77241e4e3 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-04-03...yn.exe

windows10-2004-x64

Sharing

General

Target

2025-04-03_eaef5986a692fa510f7bc441dad5a58e_black-basta_cobalt-strike_floxif_luca-stealer_swisyn
Size

666KB
Sample

250403-vreljssqy8
MD5

eaef5986a692fa510f7bc441dad5a58e
SHA1

3990c67fd8939f390537e3b211dd872a9976599d
SHA256

33ca6aee42bacf329a112eb334fa98244815bf85f8559543730f1cf77241e4e3
SHA512

b655b9d91f5dbf61da26c48e135b1116a81af40f2e8c9bf5a7616fdf0f68762207aed1c89312fe8ea3a088486dff3b247515defda86f4c07c2ac6f1ffb5967ec
SSDEEP

12288:cFUNDa4FURDatkDOymC2+9Ddjm7uBjvrEH7cuBjvrEH7+y:cFOa4FYatkqiFdjm7IrEH7hrEH7+y

Score

10^/10

floxif backdoor defense_evasion discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-04-03_eaef5986a692fa510f7bc441dad5a58e_black-basta_cobalt-strike_floxif_luca-stealer_swisyn.exe

Resource

win10v2004-20250314-en

floxif backdoor defense_evasion discovery persistence trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-04-03_eaef5986a692fa510f7bc441dad5a58e_black-basta_cobalt-strike_floxif_luca-stealer_swisyn
- Size
  
  666KB
- MD5
  
  eaef5986a692fa510f7bc441dad5a58e
- SHA1
  
  3990c67fd8939f390537e3b211dd872a9976599d
- SHA256
  
  33ca6aee42bacf329a112eb334fa98244815bf85f8559543730f1cf77241e4e3
- SHA512
  
  b655b9d91f5dbf61da26c48e135b1116a81af40f2e8c9bf5a7616fdf0f68762207aed1c89312fe8ea3a088486dff3b247515defda86f4c07c2ac6f1ffb5967ec
- SSDEEP
  
  12288:cFUNDa4FURDatkDOymC2+9Ddjm7uBjvrEH7cuBjvrEH7+y:cFOa4FYatkqiFdjm7IrEH7hrEH7+y
Score

10^/10

floxif backdoor defense_evasion discovery persistence trojan upx
- Floxif family
  floxif
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Modifies visiblity of hidden/system files in Explorer
  defense_evasion
- Detects Floxif payload
  backdoor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

floxifbackdoordefense_evasiondiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy