General

  • Target

    2024-09-09_de4ffaeaf13c40353fac985f63f637fd_bkransomware_floxif

  • Size

    3.6MB

  • Sample

    240909-eptdxstdkg

  • MD5

    de4ffaeaf13c40353fac985f63f637fd

  • SHA1

    d99c4fbe95e29020f82f8c5991383892745c2551

  • SHA256

    a6095c37806c14a683db26c8e5a4defdf0f279638b884d7ab2c0a0bc654178f5

  • SHA512

    9957d5eaad7ddd6c48974b0fb0e7f7a9d60de53330850f14acaa8eba2a5f1b2183c0690bb3dd6df0ee8647ec31073425c7cc21ddb80f491495a1c48a32905524

  • SSDEEP

    98304:gt4aYo4EQz0psVuHh3OFuxEfPrzgpkFLOAkGkzdnEVomFHKnPwW:gBBM22FfPrzgOFLOyomFHKnPwW

Malware Config

Targets

    • Target

      2024-09-09_de4ffaeaf13c40353fac985f63f637fd_bkransomware_floxif

    • Size

      3.6MB

    • MD5

      de4ffaeaf13c40353fac985f63f637fd

    • SHA1

      d99c4fbe95e29020f82f8c5991383892745c2551

    • SHA256

      a6095c37806c14a683db26c8e5a4defdf0f279638b884d7ab2c0a0bc654178f5

    • SHA512

      9957d5eaad7ddd6c48974b0fb0e7f7a9d60de53330850f14acaa8eba2a5f1b2183c0690bb3dd6df0ee8647ec31073425c7cc21ddb80f491495a1c48a32905524

    • SSDEEP

      98304:gt4aYo4EQz0psVuHh3OFuxEfPrzgpkFLOAkGkzdnEVomFHKnPwW:gBBM22FfPrzgOFLOyomFHKnPwW

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks