Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-2004-x64

10

Resubmissions

08/05/2025, 05:37

250508-ga6rtabk8v 10

08/05/2025, 02:15

250508-cpvwmshm7v 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://gofile.io/d/TX2I0q

  • Sample

    250508-ga6rtabk8v

Score
10/10
floxifbackdoorbootkitdefense_evasiondiscoverypersistencetrojanupx

Malware Config

Targets

    • Target

      https://gofile.io/d/TX2I0q

    Score
    10/10
    floxifbackdoorbootkitdefense_evasiondiscoverypersistencetrojanupx

    • Floxif family

      floxif

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

      backdoortrojanfloxif

    • Detects Floxif payload

      backdoor

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v16

Tasks

OSZAR »