General
-
Target
2024-09-19_0a6986bf000b3802b1b36dc29a3b86ea_avoslocker_cobalt-strike_floxif
-
Size
224KB
-
Sample
240919-a2bx7a1hkh
-
MD5
0a6986bf000b3802b1b36dc29a3b86ea
-
SHA1
ed76e8d470478ae30b6b2399d3aef35eed7fc166
-
SHA256
66db488eef72928892afb16d711ae8d007fec3bf52f9a9a4ae3944324764ddc6
-
SHA512
1bddf55cf8cef1f35786d4adf0f50c6b58383d058127fc673bc98793e0b87ae4c40b2ceb920600936979682cf89567cbd6ec97510d174995bccdae9968063010
-
SSDEEP
6144:ayd2zi7ajvRcGLKZH2FaShw9hH4JdBV+UdvrEFp7hKcmBCi:ayd2zi+jv5m9hH4JdBjvrEH7GMi
Malware Config
Targets
-
-
Target
2024-09-19_0a6986bf000b3802b1b36dc29a3b86ea_avoslocker_cobalt-strike_floxif
-
Size
224KB
-
MD5
0a6986bf000b3802b1b36dc29a3b86ea
-
SHA1
ed76e8d470478ae30b6b2399d3aef35eed7fc166
-
SHA256
66db488eef72928892afb16d711ae8d007fec3bf52f9a9a4ae3944324764ddc6
-
SHA512
1bddf55cf8cef1f35786d4adf0f50c6b58383d058127fc673bc98793e0b87ae4c40b2ceb920600936979682cf89567cbd6ec97510d174995bccdae9968063010
-
SSDEEP
6144:ayd2zi7ajvRcGLKZH2FaShw9hH4JdBV+UdvrEFp7hKcmBCi:ayd2zi+jv5m9hH4JdBjvrEH7GMi
Score10/10-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-