General

  • Target

    2025-05-03_42755cd58d93e82e5a60bf369f95e67d_darkgate_elex_floxif_icedid_rhadamanthys

  • Size

    8.1MB

  • Sample

    250503-kgvjxaspz4

  • MD5

    42755cd58d93e82e5a60bf369f95e67d

  • SHA1

    d2e481f0570b9edddaeebbcd025ac1ce34427c08

  • SHA256

    933ad42b3cf4ca96fa00506115805ad58ecf732ecde2e93f0e925c5d9394b987

  • SHA512

    600dd422a3ad9d1a33e837459fdd00ceb75ced6e3f8521cf9b4d2aacee01ce5f9f1801903a0b16f3c6d927ad5244436ded181b59ca235062fa77b76fb56111d2

  • SSDEEP

    196608:E+tPHwAW3gYrtIXgWfJqOFdv5Wr/lDuvsivd7uA0yPi9x0rgG9Vba8cTfqVVoV9f:E8HxXBf4JZKka7WyiCWLq0Nt

Malware Config

Targets

    • Target

      2025-05-03_42755cd58d93e82e5a60bf369f95e67d_darkgate_elex_floxif_icedid_rhadamanthys

    • Floxif family

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Modifies boot configuration data using bcdedit

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can modify the Authenticode and Cryptography registry keys so that their unsigned or self-signed binary is treated as validly signed.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file packed with the ACProtect 1.3x to 1.4x protector.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
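The behavioural signatures above (bcdedit modifying the BCD store, files dropped into System32 and the Drivers directory, Authenticode/Cryptography registry keys being changed, drives other than C: being enumerated) can be expressed as simple rules over endpoint telemetry. The following is an added example, not detection logic from the sandbox that produced this report; the event lines, the "Type|Image|Target" layout, the process and file names, and the registry path are all constructed for illustration rather than taken from the sample.

```python
"""Behavioural triage over constructed Sysmon-style events.

Added example (not part of the sandbox report). Maps event lines onto the
signature names the report lists. Event format, paths and the registry key
below are assumptions made for the example, not observations of the sample.
"""
import re
from typing import Dict, Iterable, List, Pattern, Tuple

# Constructed events in a "Type|Image|Target" shape (not real logs).
SAMPLE_EVENTS = [
    "ProcessCreate|C:\\Users\\victim\\sample.exe|cmd.exe /c bcdedit /set {default} recoveryenabled no",
    "FileCreate|C:\\Users\\victim\\sample.exe|C:\\Windows\\System32\\drivers\\hlpdrv.sys",
    "FileCreate|C:\\Users\\victim\\sample.exe|C:\\Windows\\System32\\ntdll.dll",
    # Constructed SIP-style key under the Cryptography hive (assumed path).
    "RegistrySetValue|C:\\Users\\victim\\sample.exe|HKLM\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptSIPDllVerifyIndirectData\\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\\Dll",
    "FileRead|C:\\Users\\victim\\sample.exe|D:\\",
    "FileRead|C:\\Users\\victim\\sample.exe|C:\\Users\\victim\\Desktop\\notes.txt",
]

# (signature name, event type it applies to, pattern over the Target field)
RULES: List[Tuple[str, str, Pattern[str]]] = [
    ("Modifies boot configuration data using bcdedit", "ProcessCreate",
     re.compile(r"\bbcdedit(\.exe)?\b.*\s/(set|deletevalue|import|copy)\b", re.I)),
    ("Drops file in Drivers directory", "FileCreate",
     re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I)),
    ("Drops file in System32 directory", "FileCreate",
     re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)),
    # Writes under the Cryptography or Authenticode key families.
    ("Manipulates Digital Signatures", "RegistrySetValue",
     re.compile(r"\\Microsoft\\(Cryptography|Authenticode)\\", re.I)),
    # Root path of any fixed drive other than C: (e.g. "D:\").
    ("Enumerates connected drives", "FileRead",
     re.compile(r"^[ABD-Z]:\\$", re.I)),
]


def triage(events: Iterable[str]) -> Dict[str, List[str]]:
    """Return {signature name: [matching Target strings]} for the events."""
    hits: Dict[str, List[str]] = {}
    for line in events:
        kind, _image, target = line.split("|", 2)
        for name, event_kind, pattern in RULES:
            if kind == event_kind and pattern.search(target):
                hits.setdefault(name, []).append(target)
    return hits


if __name__ == "__main__":
    for name, targets in triage(SAMPLE_EVENTS).items():
        print(f"{name}:")
        for t in targets:
            print(f"    {t}")
```

A file dropped into System32\drivers fires both the Drivers and the System32 rules, matching how the report lists them as separate signatures; the C: root and an ordinary user file are deliberately not reported as drive enumeration.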
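The "UPX packed file" signature is a static check rather than a behavioural one. The following added example (not the report's own detection logic) parses the MZ and PE headers far enough to reach the section table and flags the UPX0/UPX1/UPX2 section names that stock UPX writes. The PE bytes it tests against are constructed in the block with a zero-length optional header, which is enough for the parser but is not a loadable executable; a modified UPX that renames its sections will evade a name check, which is why sandbox signatures also consider entropy and entry-point placement (not shown here).

```python
"""Static UPX check via PE section names.

Added example, not the report's own detection. The helper that builds the
PE image is a constructed fixture: DOS header, PE signature, COFF header with
SizeOfOptionalHeader = 0, then one 40-byte section header per name.
"""
import struct
from typing import List

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def build_pe(section_names: List[bytes]) -> bytes:
    """Constructed minimal PE image used as test input (not runnable code)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(
        name.ljust(8, b"\0")[:8] + b"\0" * 32 for name in section_names
    )
    return dos + b"PE\0\0" + coff + sections


def pe_section_names(data: bytes) -> List[str]:
    """Walk MZ -> e_lfanew -> COFF header -> section table; return names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if any section carries a stock UPX name."""
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(data))


if __name__ == "__main__":
    for names in ([b".text", b".rdata", b".data"], [b"UPX0", b"UPX1", b".rsrc"]):
        img = build_pe(names)
        print(pe_section_names(img), "->", looks_upx_packed(img))
```

For a real sample, read the file with `open(path, "rb").read()` and pass it to `looks_upx_packed`; the parser only needs the headers, so the 8.1MB size of this sample is not a concern.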

MITRE ATT&CK Enterprise v16

Tasks