General

  • Target

    2024-07-31_32261f0a4cf1bc18cc2dfd1c2b6ff7e6_bkransomware_floxif_metamorfo

  • Size

    2.4MB

  • Sample

    240731-br9xxayhlq

  • MD5

    32261f0a4cf1bc18cc2dfd1c2b6ff7e6

  • SHA1

    14c8d229ec031b9f06d67fd645d6b97831197ef7

  • SHA256

    61bc4ee750b44e2f0b363233c48d059d4e990d00fe39b3eff37f5a6d752d57c3

  • SHA512

    6d01187f52b354202b9478e3751958fb5548f8c11ffd539a9b7875b210b8e20086335056d5f86dd0b570311ced4cd4b1226ebce04845ea3e7598a7b281092fbf

  • SSDEEP

    49152:ltve7GRpQILIZEkAxIpuEw4IYE9VyHgtsQcsTZZhZ7K5FS7F:ltm7GRqIL2EvIpuEw4+IHgtsQcwnF

Malware Config

Targets

    • Target

      2024-07-31_32261f0a4cf1bc18cc2dfd1c2b6ff7e6_bkransomware_floxif_metamorfo

    • Size

      2.4MB

    • MD5

      32261f0a4cf1bc18cc2dfd1c2b6ff7e6

    • SHA1

      14c8d229ec031b9f06d67fd645d6b97831197ef7

    • SHA256

      61bc4ee750b44e2f0b363233c48d059d4e990d00fe39b3eff37f5a6d752d57c3

    • SHA512

      6d01187f52b354202b9478e3751958fb5548f8c11ffd539a9b7875b210b8e20086335056d5f86dd0b570311ced4cd4b1226ebce04845ea3e7598a7b281092fbf

    • SSDEEP

      49152:ltve7GRpQILIZEkAxIpuEw4IYE9VyHgtsQcsTZZhZ7K5FS7F:ltm7GRqIL2EvIpuEw4+IHgtsQcwnF

    • Floxif, Floodfix

      Floxif (aka FloodFix) is a file-infecting trojan and backdoor written in C++; it patches other executables on disk to carry its loader.

    • Detects Floxif payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect 1.3x-1.4x packer/protector.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant (the usual UPX0/UPX1 section names and a high-entropy packed section are the giveaways).

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
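The hashes above are what an analyst checks a suspect file against, and the "UPX packed file" flag rests on cheap static evidence (section names, section entropy). The following is an added example, not code from the sandbox or from this report: a standard-library-only Python triage helper that verifies a file against the report's listed hashes and reports the same UPX-style packer hints. The minimal PE it builds for its own demonstration is a constructed test input, not the real sample; the 7.0 bits/byte entropy threshold and the UPX section-name list are assumptions of the example.

```python
"""Offline triage helpers: verify a file against report hashes and look for the
static packer hints (UPX section names, high-entropy sections) behind a
"UPX packed file" flag. Standard library only; added example, not report code."""
import hashlib
import math
import struct

# Hashes exactly as listed in the report for this sample.
REPORT_HASHES = {
    "md5": "32261f0a4cf1bc18cc2dfd1c2b6ff7e6",
    "sha1": "14c8d229ec031b9f06d67fd645d6b97831197ef7",
    "sha256": "61bc4ee750b44e2f0b363233c48d059d4e990d00fe39b3eff37f5a6d752d57c3",
}

# Section names UPX and common modified forks leave behind (assumed list).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def compute_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the whole file, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def hashes_match(data: bytes, expected: dict) -> bool:
    """True only if every algorithm present in `expected` matches the file."""
    actual = compute_hashes(data)
    return all(actual.get(alg) == val.lower() for alg, val in expected.items())


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: close to 8.0 for compressed/encrypted data, lower for code."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Parse the PE section table into [(name, raw_offset, raw_size, entropy)].
    Raises ValueError for anything that is not a PE image."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # COFF file header follows the signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt             # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        hdr = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        name, raw_size, raw_ptr = hdr[0].rstrip(b"\0"), hdr[3], hdr[4]
        body = data[raw_ptr:raw_ptr + raw_size]
        sections.append((name, raw_ptr, raw_size, shannon_entropy(body)))
    return sections


def packer_hints(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Static hints of the kind behind a 'UPX packed file' sandbox flag."""
    secs = pe_sections(data)
    names = [s[0].decode(errors="replace") for s in secs]
    return {
        "upx_sections": bool({s[0] for s in secs} & UPX_SECTION_NAMES),
        "high_entropy_sections": [n for n, s in zip(names, secs) if s[3] >= entropy_threshold],
        "section_names": names,
    }


def build_fake_upx_pe() -> bytes:
    """Constructed test input (NOT the real sample): a minimal PE whose section
    table carries UPX0/UPX1, with UPX1 filled by deterministic pseudo-random bytes."""
    e_lfanew, size_opt = 0x40, 0xE0          # PE32 optional header size; contents unused
    table = e_lfanew + 4 + 20 + size_opt
    raw_ptr = ((table + 40 * 2 + 0x1FF) // 0x200) * 0x200   # first 512-byte aligned slot
    payload = b"".join(hashlib.sha256(b"upx-demo" + i.to_bytes(4, "little")).digest()
                       for i in range(128))  # 4096 high-entropy bytes
    img = bytearray(raw_ptr + len(payload))
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, e_lfanew + 4, 0x14C, 2, 0, 0, 0, size_opt, 0x102)
    struct.pack_into("<8sIIIIIIHHI", img, table,
                     b"UPX0", 0x10000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    struct.pack_into("<8sIIIIIIHHI", img, table + 40,
                     b"UPX1", len(payload), 0x11000, len(payload), raw_ptr, 0, 0, 0, 0, 0xE0000040)
    img[raw_ptr:raw_ptr + len(payload)] = payload
    return bytes(img)


def triage(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """One-shot summary: hashes, whether they match the report, packer hints."""
    return {"hashes": compute_hashes(data),
            "matches_report": hashes_match(data, expected),
            "packer": packer_hints(data)}


if __name__ == "__main__":
    print(triage(build_fake_upx_pe()))
```

For real samples, point `triage()` at the bytes of the file and expect `matches_report` to be True only for the exact file the report describes; the section parser here deliberately ignores the optional header, so use a full PE library (pefile) when you need imports, entry point or overlay analysis rather than just a packer hint.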

MITRE ATT&CK Enterprise v15

Tasks