General
-
Target
https://gofile.io/d/Y0c7NF
-
Sample
250519-s154razrz7
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://gofile.io/d/Y0c7NF
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
https://gofile.io/d/Y0c7NF
Resource
win10ltsc2021-20250425-en
Behavioral task
behavioral3
Sample
https://gofile.io/d/Y0c7NF
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
https://gofile.io/d/Y0c7NF
-
Floxif family
-
Modifies WinLogon for persistence
-
UAC bypass
-
Detects Floxif payload
-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
2Disable or Modify Tools
2Modify Registry
6Pre-OS Boot
1Bootkit
1