General

  • Target

    2024-07-31_5e59c70b2bb16cb7555d8a4e8d71795d_bkransomware_floxif

  • Size

    2.1MB

  • Sample

    240731-a4ag5ssamd

  • MD5

    5e59c70b2bb16cb7555d8a4e8d71795d

  • SHA1

    673a6f1b440056dc047f9f37856a60d020769c0c

  • SHA256

    6762a11067689af4ce49138b9015562e0d528cca9b68968c09fb64d1b3ac5926

  • SHA512

    ff1de740f8ee0a559089c92a07b18b1549ce7cd5ffaa86445954777126558eb2b0a02458a5e549046d0109738626436efe1016ce0cac4d29b444dc263ee8174a

  • SSDEEP

    49152:bf83LdZrq17O789aSymksotcnkLVdBbQ7Q4URkZhM1C:baLdo17O78op6otcnkfBbQ7Q4URM

Malware Config

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks