floxif | 343d857696ec311b5ac74a8c5f41e8a7c4e0b2177b0735c5e21a90aa6afa307e | Triage

Submit
Reports

Overview

overview

Static

static

7

343d857696...7e.exe

windows7-x64

7

343d857696...7e.exe

windows10-2004-x64

Sharing

General

Target

343d857696ec311b5ac74a8c5f41e8a7c4e0b2177b0735c5e21a90aa6afa307e.exe
Size

1.9MB
Sample

240705-d6gwsatgqa
MD5

ad250acadf8f6a483cf445b88130d000
SHA1

b71da0bf217153ab1507c1a7dd372cd4b4107352
SHA256

343d857696ec311b5ac74a8c5f41e8a7c4e0b2177b0735c5e21a90aa6afa307e
SHA512

bec84a7af0dc7bd4b4f3d7e85ccf5d95fb7fed5c23206d193f81d703eaedabb1bd2c7322c8b491e3cd6432f94f7c929616fd92b45b941196c6005c244aa0226a
SSDEEP

49152:fWDUiXqySIORS/sMIHjeFKYB6ZyVBaz4o2nCWQm7pTOhvZ9JKs1:O4ASIk/jyKYB6cVBaz4o2CRm7pTOhvZZ

Score

10^/10

floxif backdoor persistence privilege_escalation trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

343d857696ec311b5ac74a8c5f41e8a7c4e0b2177b0735c5e21a90aa6afa307e.exe

Resource

win7-20240704-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

343d857696ec311b5ac74a8c5f41e8a7c4e0b2177b0735c5e21a90aa6afa307e.exe

Resource

win10v2004-20240704-en

floxif backdoor persistence privilege_escalation trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  343d857696ec311b5ac74a8c5f41e8a7c4e0b2177b0735c5e21a90aa6afa307e.exe
- Size
  
  1.9MB
- MD5
  
  ad250acadf8f6a483cf445b88130d000
- SHA1
  
  b71da0bf217153ab1507c1a7dd372cd4b4107352
- SHA256
  
  343d857696ec311b5ac74a8c5f41e8a7c4e0b2177b0735c5e21a90aa6afa307e
- SHA512
  
  bec84a7af0dc7bd4b4f3d7e85ccf5d95fb7fed5c23206d193f81d703eaedabb1bd2c7322c8b491e3cd6432f94f7c929616fd92b45b941196c6005c244aa0226a
- SSDEEP
  
  49152:fWDUiXqySIORS/sMIHjeFKYB6ZyVBaz4o2nCWQm7pTOhvZ9JKs1:O4ASIk/jyKYB6cVBaz4o2CRm7pTOhvZZ
Score

10^/10

upx floxif backdoor persistence privilege_escalation trojan
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

floxifbackdoorpersistenceprivilege_escalationtrojanupx

© 2018-2024

Terms | Privacy