General

  • Target

    2024-07-30_4941c62c169993f387700ab3f8593adc_bkransomware_floxif_hijackloader

  • Size

    2.0MB

  • Sample

    240730-avarjsydrj

  • MD5

    4941c62c169993f387700ab3f8593adc

  • SHA1

    a95370f4c3d5c891b41537343d16c3a9e2c5b216

  • SHA256

    de4635305230f1c97805762a414718eb7b892b544decc36e88597e6129f230be

  • SHA512

    508ecb3b90c7c7f9a3934dd6ab29ed02f731c2c7cdf3c2975f3bbe7878356a68f268a1feb04d4d6491dacbe7bd59b6a36679ac016a0148b9607fe753a34f415f

  • SSDEEP

    49152:Dk0eo5nJIioH/q+c6gXR92IISNbecXxHDoSf3M7sSZOZVVNa6Z6:Dk25nHoH/q+c6y92IBRecXxHUSf3M7sC

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect packer.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks