General

  • Target

    2024-09-30_bc64976c095fb66a8b7ff82692d46d11_bkransomware_floxif_hijackloader

  • Size

    3.4MB

  • Sample

    240930-mj2gcazerr

  • MD5

    bc64976c095fb66a8b7ff82692d46d11

  • SHA1

    d6beb324e6f6058dd4b3902cd907191ce991bfdf

  • SHA256

    2c3d48205a200f13cec47f2b9873f24f07bd41f8884b6713d61d150aa291ad5d

  • SHA512

    61eb7f3fab9bac87e2fc0fa9b045cfe58000bc3798b6c663542766d4fd0185ec174c0caaa0b57a4fe9a9bef7cadd53a50b40beabb86630f7b5f00e8965c95828

  • SSDEEP

    49152:iZi5Wu7I/Bzfz/ZHg1pHtOUYqP3CFOrtG/RR9sXafgkDFMVR9C1UhPJXMK701hOq:iI5Wt/BzfzW1t0xOouBiCV2Hp

Targets

    • Target

      2024-09-30_bc64976c095fb66a8b7ff82692d46d11_bkransomware_floxif_hijackloader

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).

    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
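The report flags AppInit DLLs as the persistence mechanism and notes that a dropped DLL is loaded. The following PowerShell is an added example for checking a host for that mechanism; it is not part of the Triage report or of the sample. It assumes it is run in an elevated PowerShell on the machine under investigation. The only hash the report gives is the SHA256 of the submitted 3.4MB sample, not of the dropped DLL, so the comparison against that value is a first check only; an unsigned or unexpected DLL listed in AppInit_DLLs is the stronger indicator.

```powershell
# Added example (not from the Triage report): audit AppInit_DLLs persistence
# and hash every DLL it references. Run in an elevated PowerShell session.

# SHA256 of the submitted sample, copied from the report's General section.
$ReportSha256 = '2c3d48205a200f13cec47f2b9873f24f07bd41f8884b6713d61d150aa291ad5d'

# AppInit_DLLs lives in both the native and the WOW64 view of the key;
# 32-bit processes on a 64-bit host read the Wow6432Node copy.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

foreach ($Key in $AppInitKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key

    # Since Windows 7 the DLLs are only loaded when LoadAppInit_DLLs is 1;
    # RequireSignedAppInit_DLLs = 1 restricts loading to signed DLLs.
    [PSCustomObject]@{
        Key                       = $Key
        LoadAppInit_DLLs          = $Props.LoadAppInit_DLLs
        RequireSignedAppInit_DLLs = $Props.RequireSignedAppInit_DLLs
        AppInit_DLLs              = $Props.AppInit_DLLs
    } | Format-List

    if ([string]::IsNullOrWhiteSpace($Props.AppInit_DLLs)) { continue }

    # The value is a space- or comma-separated list of DLL paths, possibly relative.
    $Dlls = $Props.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ }
    foreach ($Dll in $Dlls) {
        $Path = [Environment]::ExpandEnvironmentVariables($Dll)
        if (-not (Test-Path -LiteralPath $Path)) {
            # A bare file name resolves against the system directory at load time.
            $Path = Join-Path $env:SystemRoot "System32\$Dll"
        }
        if (-not (Test-Path -LiteralPath $Path)) {
            Write-Output "$Dll : listed in AppInit_DLLs but not found on disk"
            continue
        }

        $Hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
        $Sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $Match = if ($Hash -eq $ReportSha256) { 'MATCHES report sample' } else { 'no match' }

        Write-Output ("{0}`n  SHA256: {1} ({2})`n  Signature: {3}" -f $Path, $Hash, $Match, $Sig.Status)
        if ($Sig.Status -ne 'Valid') {
            Write-Warning "Unsigned or invalidly signed AppInit DLL: $Path"
        }
    }
}
```

Any DLL reported with a signature status other than Valid, or any path that does not belong to a known product, should be collected for analysis rather than deleted in place, since the loader process may re-drop it; the report's Floxif and HijackLoader tags suggest the main executable, not the DLL alone, is the object to remove.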
