General
-
Target
20240904aacceba6e53d5029434e0b00584a7421bkransomwarefloxif
-
Size
4.7MB
-
Sample
240904-qf4dbasapb
-
MD5
aacceba6e53d5029434e0b00584a7421
-
SHA1
30a1f9ea6e143ad352db1e5fb9d0acdb34aa8a4c
-
SHA256
ae00a080d8325a45d7e84a296c573ea07e45fe3e9ae11db6daafe144f8e294d6
-
SHA512
a039da6835eb088a8c0b4e42ea30c00c7786bb3553cac24d28693f428cf33c537ab179ae7b4c7e85abe5a8a517ff17b1b3da0580977882ec5b6bb0a517e4f628
-
SSDEEP
98304:kb40bl9dRPenSX5gSoCn0DHDB1dE46V3u/Z:i3Nenqn8L/Z
Malware Config
Targets
-
-
Target
20240904aacceba6e53d5029434e0b00584a7421bkransomwarefloxif
-
Size
4.7MB
-
MD5
aacceba6e53d5029434e0b00584a7421
-
SHA1
30a1f9ea6e143ad352db1e5fb9d0acdb34aa8a4c
-
SHA256
ae00a080d8325a45d7e84a296c573ea07e45fe3e9ae11db6daafe144f8e294d6
-
SHA512
a039da6835eb088a8c0b4e42ea30c00c7786bb3553cac24d28693f428cf33c537ab179ae7b4c7e85abe5a8a517ff17b1b3da0580977882ec5b6bb0a517e4f628
-
SSDEEP
98304:kb40bl9dRPenSX5gSoCn0DHDB1dE46V3u/Z:i3Nenqn8L/Z
Score10/10-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-