General

  • Target

    2024-07-27_510357947c757464e9c2b710008771a2_bkransomware_floxif

  • Size

    1.9MB

  • Sample

    240727-ppwjdszckm

  • MD5

    510357947c757464e9c2b710008771a2

  • SHA1

    43443dbbadab0b2c4f320b6ad056c81228b26247

  • SHA256

    8e54126fda189f27934115555f971789951da72013fea054170a85153bfafc56

  • SHA512

    7828ff04587c50e7f800fce2e2a303c13c08a07eee9771ec09dbb576a419a39e3173dffac75aaa6899646363742afade455f15dc7f25600b6de5c44c02f5497d

  • SSDEEP

    49152:9f3ZoG3UCj5qzWt2skmzb2R3NByCYcMdCqy+Xyomp6Ik:lZP3UCj50WtQwb2R3NWcMdCqy+XT

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
