General
-
Target
2024-08-20_35203f009cd6512de69106174c0c6eb2_bkransomware_floxif
-
Size
2.7MB
-
Sample
240820-g7qf4a1dql
-
MD5
35203f009cd6512de69106174c0c6eb2
-
SHA1
4b8c5701483a875897c60655cc0f15c22b5686d2
-
SHA256
a13b8c504ae2a2c30b2b3116781918d3ac3dcd342ef505acf96cfcfb9da930cc
-
SHA512
00c7c2dd6af19d5e982798b37232f5d230a4546820c2a328b312c863a69c5e89ad045620be24477f04ca3596fca0a27becc5bd33c994f4165cea3b09f80c33d2
-
SSDEEP
49152:Qc0vDRcmeI/DRwGum/uPBC3gGvX/NgRWU+xehCQggn+9Kb+FNv84KDSd3l:Q9dfRwGXuJCVvX/qRR+/Fgn+Mb+FN047
Malware Config
Targets
-
-
Target
2024-08-20_35203f009cd6512de69106174c0c6eb2_bkransomware_floxif
-
Size
2.7MB
-
MD5
35203f009cd6512de69106174c0c6eb2
-
SHA1
4b8c5701483a875897c60655cc0f15c22b5686d2
-
SHA256
a13b8c504ae2a2c30b2b3116781918d3ac3dcd342ef505acf96cfcfb9da930cc
-
SHA512
00c7c2dd6af19d5e982798b37232f5d230a4546820c2a328b312c863a69c5e89ad045620be24477f04ca3596fca0a27becc5bd33c994f4165cea3b09f80c33d2
-
SSDEEP
49152:Qc0vDRcmeI/DRwGum/uPBC3gGvX/NgRWU+xehCQggn+9Kb+FNv84KDSd3l:Q9dfRwGXuJCVvX/qRR+/Fgn+Mb+FN047
Score10/10-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-