General
-
Target
2024-09-05_3ee8c00f12387b86e141fc5be1e22300_bkransomware_floxif
-
Size
3.6MB
-
Sample
240905-a4dvka1aqa
-
MD5
3ee8c00f12387b86e141fc5be1e22300
-
SHA1
b7a20a1290d3840f500a0213189615326fc9f5ef
-
SHA256
4d1049d8d39acc678915dcaf385c09430d950f051f6dadd024316a4109d3214f
-
SHA512
49a5b48c9a1f13613dede27a07f6d88c7299c3db924328671cafc5ee43d32b257db40b0ea18e9a7a9e180306ea6f90d48db171f73a81eaaccd0e1b7455039230
-
SSDEEP
98304:gtXaYo4EQz0pscuHh3OFuaEfPrzgpkFLOAkGkzdnEVomFHKnPwC:gcBM2vCfPrzgOFLOyomFHKnPwC
Malware Config
Targets
-
-
Target
2024-09-05_3ee8c00f12387b86e141fc5be1e22300_bkransomware_floxif
-
Size
3.6MB
-
MD5
3ee8c00f12387b86e141fc5be1e22300
-
SHA1
b7a20a1290d3840f500a0213189615326fc9f5ef
-
SHA256
4d1049d8d39acc678915dcaf385c09430d950f051f6dadd024316a4109d3214f
-
SHA512
49a5b48c9a1f13613dede27a07f6d88c7299c3db924328671cafc5ee43d32b257db40b0ea18e9a7a9e180306ea6f90d48db171f73a81eaaccd0e1b7455039230
-
SSDEEP
98304:gtXaYo4EQz0pscuHh3OFuaEfPrzgpkFLOAkGkzdnEVomFHKnPwC:gcBM2vCfPrzgOFLOyomFHKnPwC
Score10/10-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-