General

  • Target

    2025-07-02_df8a10daf93c58aa5ba9bbdb7e1a3f30_darkgate_elex_floxif_mafia

  • Size

    2.2MB

  • Sample

    250702-xfjggahr4x

  • MD5

    df8a10daf93c58aa5ba9bbdb7e1a3f30

  • SHA1

    b1b0e4325b0cc60de5152ad8754530657cefb84e

  • SHA256

    c4d78ef0cb9740df4ae7ac4416198e9b0ef3dbaeb24dd2de0ac74ac45b5b889c

  • SHA512

    f99aaa5d0be3a962b762b438eecd334492e231176c5fcb0933f357d8d99c49aa21ba9b0df8099a9593ff1960391bbdaffec644cb478a6aa14d2edd606682dbbe

  • SSDEEP

    49152:F0GyGomcECxXEcJXgwRuFqWVmEPX9lcuqsi9Z7nhj5ofF2FFa:FyGgECxXEiRqqWVmEPX9lcl9xnhj5ofL

Targets

    • Target

      2025-07-02_df8a10daf93c58aa5ba9bbdb7e1a3f30_darkgate_elex_floxif_mafia

    • Floxif family

    • Floxif, FloodFix

      Floxif, also known as FloodFix, is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
