General

  • Target

    2024-07-27_ede93e3cea77749955014502145f5a26_bkransomware_floxif

  • Size

    1.9MB

  • Sample

    240727-pvhvgstale

  • MD5

    ede93e3cea77749955014502145f5a26

  • SHA1

    31cb1a82791e6f3abfd0d9f7e4580a675514ec5f

  • SHA256

    84bf59241edaeda17b7fdac74790d23428db209d0819fb5165b95584d7f894cd

  • SHA512

    b1919bed3ff10c4edc28fdcd05a25fbf78d05e3854a6b223056cae0e18c5e1e793fa1bef38364c23825937f637921b359936f72ce8e31d8d7ae6f1c202f17132

  • SSDEEP

    49152:Hn5w1wAEkk4HhsTGhbcbfrp8RjDUMKrjUbsT4/rVCAgwqLVJBZ:H5w1wAEk5HhNbcTrORqXUbsT4/rVCdww

Malware Config

Targets

    • Target

      2024-07-27_ede93e3cea77749955014502145f5a26_bkransomware_floxif

    • Size

      1.9MB

    • MD5

      ede93e3cea77749955014502145f5a26

    • SHA1

      31cb1a82791e6f3abfd0d9f7e4580a675514ec5f

    • SHA256

      84bf59241edaeda17b7fdac74790d23428db209d0819fb5165b95584d7f894cd

    • SHA512

      b1919bed3ff10c4edc28fdcd05a25fbf78d05e3854a6b223056cae0e18c5e1e793fa1bef38364c23825937f637921b359936f72ce8e31d8d7ae6f1c202f17132

    • SSDEEP

      49152:Hn5w1wAEkk4HhsTGhbcbfrp8RjDUMKrjUbsT4/rVCAgwqLVJBZ:H5w1wAEk5HhNbcTrORqXUbsT4/rVCdww

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-modifying trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect packer (versions 1.3x - 1.4x).

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
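The two checks a practitioner usually wants to reproduce locally for a report like this are (1) confirming that the file on disk really is the target listed above, by recomputing the MD5/SHA1/SHA256/SHA512 digests and comparing them with the report, and (2) re-deriving the "UPX packed file" verdict from the PE section table rather than trusting the sandbox label. The script below is an added example, not part of this report or of the sandbox's own rule set: it reads the hashes from the page, parses just enough of a PE header to list section names, and applies the common UPX heuristic (UPX0/UPX1 section names or the "UPX!" marker). The `build_fake_pe` helper constructs a minimal, non-executable PE-shaped buffer for testing only; it is not the sample. SSDEEP is omitted because it needs the external ssdeep library.

```python
import hashlib
import struct

# Digests listed in the report for the target (copied from the page above).
REPORT_HASHES = {
    "md5": "ede93e3cea77749955014502145f5a26",
    "sha1": "31cb1a82791e6f3abfd0d9f7e4580a675514ec5f",
    "sha256": "84bf59241edaeda17b7fdac74790d23428db209d0819fb5165b95584d7f894cd",
    "sha512": "b1919bed3ff10c4edc28fdcd05a25fbf78d05e3854a6b223056cae0e18c5e1e793fa1bef"
              "38364c23825937f637921b359936f72ce8e31d8d7ae6f1c202f17132",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: bool} saying which report digests the buffer matches.
    Any mismatch means you are not looking at the analysed file."""
    actual = hash_bytes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


def pe_section_names(data: bytes) -> list:
    """Parse the DOS/COFF headers just far enough to list section names.
    Returns [] when the buffer is not a PE image or is truncated."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    sec_table = e_lfanew + 24 + opt_hdr_size          # section headers follow the optional header
    names = []
    for i in range(num_sections):
        off = sec_table + i * 40                      # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                                     # truncated table: stop, do not guess
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind typical 'UPX packed file' rules: UPX* section names or the 'UPX!'
    signature string. A modified UPX may rename sections, so False means 'not proven',
    not 'unpacked'."""
    if any(name.startswith("UPX") for name in pe_section_names(data)):
        return True
    return b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed test input (assumption, not the real sample): a minimal PE-shaped buffer
    with an empty optional header and the given section names."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> NT headers at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(name.encode().ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return bytes(dos) + coff + sections


def triage(data: bytes) -> dict:
    """One-call summary: does the buffer match the report, and does it look UPX-packed?"""
    return {
        "hash_match": matches_report(data),
        "sections": pe_section_names(data),
        "upx_packed": looks_upx_packed(data),
    }


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py <sample>`; without a path it exercises the constructed buffer. Note that the section-name check is deliberately conservative: a sample with "UPX!" stripped and sections renamed will not trip it, which is exactly the "modified UPX" case the sandbox rule mentions, so treat the sandbox verdict and this local check as corroborating evidence rather than substitutes for unpacking.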

MITRE ATT&CK Enterprise v15

Tasks