General

  • Target

    2024-07-31_2955cf95013090f6319bccde6a51146f_bkransomware_floxif

  • Size

    3.1MB

  • Sample

    240731-aygn9s1gkh

  • MD5

    2955cf95013090f6319bccde6a51146f

  • SHA1

    3130d05dc59a4b42d08c9a134528f4edd6e7f7f7

  • SHA256

    f3fbc0308f9afe4f384b537e6a511dbb2c157f64599788da9ae2f51be0020ae6

  • SHA512

    0d1b408842230875b122b411adb68f9bf7c3b2f117d17a2fdfbc842dfbc071479c6376f623b1b6c50c8d3520157810285f9a4bb6c315d8ff2d546325ba2062e7

  • SSDEEP

    49152:Mk7xcpob5JLtnrvON2bun5Bzga/mYm/OtKEsxheZYZsg3:RxcG5JLtniNfnb//mM8EsxheZu3

Targets

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
