General
-
Target
2025-04-24_cd3c9cf58c737b7c004a84ab0838a36a_amadey_elex_floxif_rhadamanthys_smoke-loader
-
Size
258KB
-
Sample
250424-warp8aztdv
-
MD5
cd3c9cf58c737b7c004a84ab0838a36a
-
SHA1
00332101a67aa5c2dede3a1b47868a6bd8b91968
-
SHA256
c6e7ae75a33d46584f911517d17908953c819ecabe27ce5cf7375f809503a23e
-
SHA512
5593720ffa680c46bb598b8d4d5e727241d3c680fcc9cbc4440f1d5cbab7a606d6309f4cecc8c51054d82f21f0ca2dbeb1fb2e683a1a148bd391e788f2cc26f7
-
SSDEEP
3072:GTR8b6hYxSAyQIrZBbSJKbsQvVqRlkM4OAD/KLznBuB2JA2BjSor:GTR8b6WxxYZbsQvMRlkM4RD/qzMfUl
Static task
static1
Behavioral task
behavioral1
Sample
2025-04-24_cd3c9cf58c737b7c004a84ab0838a36a_amadey_elex_floxif_rhadamanthys_smoke-loader.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral2
Sample
2025-04-24_cd3c9cf58c737b7c004a84ab0838a36a_amadey_elex_floxif_rhadamanthys_smoke-loader.exe
Resource
win11-20250410-en
Malware Config
Targets
Target
2025-04-24_cd3c9cf58c737b7c004a84ab0838a36a_amadey_elex_floxif_rhadamanthys_smoke-loader
-
Floxif family
-
Modifies visibility of file extensions in Explorer
-
Modifies visibility of hidden/system files in Explorer
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-