Overview

overview

10

Static

static

1

2025-04-24...de.exe

windows10-2004-x64

10

2025-04-24...de.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-04-24_52c99e71e2bf345bb47462095bea1724_amadey_black-basta_cobalt-strike_elex_floxif_hijackloader_luca-stealer_smoke-loader

  • Size

    371KB

  • Sample

    250424-qbh7ksvrx5

  • MD5

    52c99e71e2bf345bb47462095bea1724

  • SHA1

    734517e6d2ec2fa22dd99f28618f52fd65a6d1d8

  • SHA256

    bcc60a6cdfb39d87672226dbeeb346346752f7a92eb4313451fa9010d4cf99af

  • SHA512

    22d4935f6201e1bd136d50c5024b3c17966c390f96cccb49bae3137e80d0cdb5bd1bd94d11ae8491301c4b95a23f448576dc2f8491c38c1a8218b6475744984d

  • SSDEEP

    6144:VhabloKMimZI46P5BKb854fguJs3uVAOs5qiwckGIk0ggwJhi/rQx+D8dBV+Udvg:ul5MiU50ab854fgufK5qiw8Ik0ggwJhK

Score
10/10
floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

Malware Config

Targets

    • Target

      2025-04-24_52c99e71e2bf345bb47462095bea1724_amadey_black-basta_cobalt-strike_elex_floxif_hijackloader_luca-stealer_smoke-loader

    • Size

      371KB

    • MD5

      52c99e71e2bf345bb47462095bea1724

    • SHA1

      734517e6d2ec2fa22dd99f28618f52fd65a6d1d8

    • SHA256

      bcc60a6cdfb39d87672226dbeeb346346752f7a92eb4313451fa9010d4cf99af

    • SHA512

      22d4935f6201e1bd136d50c5024b3c17966c390f96cccb49bae3137e80d0cdb5bd1bd94d11ae8491301c4b95a23f448576dc2f8491c38c1a8218b6475744984d

    • SSDEEP

      6144:VhabloKMimZI46P5BKb854fguJs3uVAOs5qiwckGIk0ggwJhi/rQx+D8dBV+Udvg:ul5MiU50ab854fgufK5qiw8Ik0ggwJhK

    Score
    10/10
    floxifbackdoordiscoverytrojanupxpersistenceprivilege_escalation

    • Floxif family

      floxif

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

      backdoortrojanfloxif

    • Detects Floxif payload

      backdoor

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

      persistenceprivilege_escalation

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks