floxif | 351005b4b75c99a659012947472d1611fb149633c97d64b51cf81e451b063534 | Triage

Sharing

General

Target

351005b4b75c99a659012947472d1611fb149633c97d64b51cf81e451b063534.exe
Size

290KB
Sample

240705-eb4mqssaql
MD5

0d751453de328b964f9c6548c25e4d80
SHA1

8393d331a899041b8322de33d3cf4c124075fa82
SHA256

351005b4b75c99a659012947472d1611fb149633c97d64b51cf81e451b063534
SHA512

9b2ac2675b58e134cdcf226fa52bcf8bb69de7f20784242b86df92eb5a8c04f07bbc206f788512ba1e25714d07bf253cbcb0bcea0e2d2cea1795324c606e1d71
SSDEEP

6144:Y4EUXfbN0SblTPZSqeRpyH5eTbze6N5wW3eWzbkVgTBV+UdvrEFp7hK+2:Y4EWbm+PZKOH5Sze6N5wW3eW3lBjvrEA

Score

10^/10

floxif backdoor persistence privilege_escalation trojan upx

Malware Config

Targets

- Target
  
  351005b4b75c99a659012947472d1611fb149633c97d64b51cf81e451b063534.exe
- Size
  
  290KB
- MD5
  
  0d751453de328b964f9c6548c25e4d80
- SHA1
  
  8393d331a899041b8322de33d3cf4c124075fa82
- SHA256
  
  351005b4b75c99a659012947472d1611fb149633c97d64b51cf81e451b063534
- SHA512
  
  9b2ac2675b58e134cdcf226fa52bcf8bb69de7f20784242b86df92eb5a8c04f07bbc206f788512ba1e25714d07bf253cbcb0bcea0e2d2cea1795324c606e1d71
- SSDEEP
  
  6144:Y4EUXfbN0SblTPZSqeRpyH5eTbze6N5wW3eWzbkVgTBV+UdvrEFp7hK+2:Y4EWbm+PZKOH5Sze6N5wW3eW3lBjvrEA
Score

10^/10

floxif backdoor persistence privilege_escalation trojan upx
- Floxif, Floodfix
  Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
  backdoor trojan floxif
- Detects Floxif payload
  backdoor
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/MoreInfo.dll
- Size
  
  7KB
- MD5
  
  bd393029cc49b415b6c9aeb8a4936516
- SHA1
  
  c67fd92fffd18941bed41bfd6ac4f3b04fd123df
- SHA256
  
  227a4fc9408a44faa5eca608a974bd536814f97b8a4d28b4cac479727167b026
- SHA512
  
  3bb8e5cf4bea7e8adaa62196e58fff9031f49fd4efa78e5bd3e4b9c4e9ba1523864567521793053595d90abec719761a5964ff3abe04b93b24d52e5ffa4c1f96
- SSDEEP
  
  96:LEjAlUFPxXJugoImuaKbkBSEPTpsxKaVQ4Ad:gjAiFPxXJugoImJKQk8yxKaVVe
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/execDos.dll
- Size
  
  5KB
- MD5
  
  0deb397ca1e716bb7b15e1754e52b2ac
- SHA1
  
  fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
- SHA256
  
  720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
- SHA512
  
  507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
- SSDEEP
  
  96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  55a723e125afbc9b3a41d46f41749068
- SHA1
  
  01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c
- SHA256
  
  0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06
- SHA512
  
  559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c
- SSDEEP
  
  96:/VV0Rwtvrm2nQujIvP9dir3UniV/zRzVR3rN3k8Jd18tsPcaqhx:/VV0KtC2yH9d83BzVR53kEQFaq
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/newtextreplace.dll
- Size
  
  11KB
- MD5
  
  b5358341df2cb171876a5f201e31a834
- SHA1
  
  df34750ea5504274be5ff8ddd306b49e302d04f9
- SHA256
  
  156b9b583399faf13c4d46b89339fb0f7f38dc847ac2d7872178d8e3998b9734
- SHA512
  
  821dc42e24fa2d44a1d4d16b26c3da2688dac0fa44a266e38da2aff706c91440d83a87abc74131930e6c38a44a0c5e627db2d045375fde147e0edd3276f4b014
- SSDEEP
  
  192:GGhRfigbU26niqo9m+9k15AA1NrW0QfaDx3nxNLr6s+:GIwgSnhv/IaDx3n6X
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  132e6153717a7f9710dcea4536f364cd
- SHA1
  
  e39bc82c7602e6dd0797115c2bd12e872a5fb2ab
- SHA256
  
  d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2
- SHA512
  
  9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1
- SSDEEP
  
  96:M/SspqrIYxLPEQhThvov3TE4/2Sa5P9QFFYzOx4uF3sbSEI5LP39sQvM:M/QUG7lhvov36S5FcUjliSEI5LuQ
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  29KB
- MD5
  
  2880bf3bbbc8dcaeb4367df8a30f01a8
- SHA1
  
  cb5c65eae4ae923514a67c95ada2d33b0c3f2118
- SHA256
  
  acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973
- SHA512
  
  ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3
- SSDEEP
  
  768:HsKZwhFkGOr0Ga4+8DFFHR4mmw5+64fuKwX13:HLKmGOr0Ga4+8DFFHRrmw5+m
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

floxifbackdoorpersistenceprivilege_escalationtrojanupx

behavioral2

floxifbackdoorpersistenceprivilege_escalationtrojanupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16