Overview

overview

10

Static

static

3

2025-04-23...yn.exe

windows10-2004-x64

10

2025-04-23...yn.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-04-23_be21f806d02be9b3044a114e1a5c3274_black-basta_elex_floxif_hijackloader_luca-stealer_swisyn

  • Size

    2.7MB

  • Sample

    250423-xd41dszrw6

  • MD5

    be21f806d02be9b3044a114e1a5c3274

  • SHA1

    669b146086148b68b9a9d4b2c6f5ca7f2a299edf

  • SHA256

    ea719f2095f6db1bf0154b9b5eb980ac7855303d9de7027b224e20fda4c34659

  • SHA512

    c357472ae16e863c5ae66767fa214696e1ee0b297b13903d520ed782d7fbc9546d714a77a0709b23318177326b6c4d86a9394d3a1c4ee2cd8860a5243d3120ad

  • SSDEEP

    49152:s3IxNLJoKzcCyEq9DRho/ctH01Ws74rA4RUBDHgE3dqFWVCn5:WKB5qFb0I+0PqkWE5

Score
10/10
floxifbackdoordefense_evasiondiscoverypersistencetrojanupx

Malware Config

Targets

    • Target

      2025-04-23_be21f806d02be9b3044a114e1a5c3274_black-basta_elex_floxif_hijackloader_luca-stealer_swisyn

    • Size

      2.7MB

    • MD5

      be21f806d02be9b3044a114e1a5c3274

    • SHA1

      669b146086148b68b9a9d4b2c6f5ca7f2a299edf

    • SHA256

      ea719f2095f6db1bf0154b9b5eb980ac7855303d9de7027b224e20fda4c34659

    • SHA512

      c357472ae16e863c5ae66767fa214696e1ee0b297b13903d520ed782d7fbc9546d714a77a0709b23318177326b6c4d86a9394d3a1c4ee2cd8860a5243d3120ad

    • SSDEEP

      49152:s3IxNLJoKzcCyEq9DRho/ctH01Ws74rA4RUBDHgE3dqFWVCn5:WKB5qFb0I+0PqkWE5

    Score
    10/10
    floxifbackdoordefense_evasiondiscoverypersistencetrojanupx

    • Floxif family

      floxif

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

      backdoortrojanfloxif

    • Modifies visiblity of hidden/system files in Explorer

      defense_evasion

    • Detects Floxif payload

      backdoor

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks