Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2024-09-30_bc64976c095fb66a8b7ff82692d46d11_bkransomware_floxif_hijackloader
-
Size
3.4MB
-
Sample
240930-mj2gcazerr
-
MD5
bc64976c095fb66a8b7ff82692d46d11
-
SHA1
d6beb324e6f6058dd4b3902cd907191ce991bfdf
-
SHA256
2c3d48205a200f13cec47f2b9873f24f07bd41f8884b6713d61d150aa291ad5d
-
SHA512
61eb7f3fab9bac87e2fc0fa9b045cfe58000bc3798b6c663542766d4fd0185ec174c0caaa0b57a4fe9a9bef7cadd53a50b40beabb86630f7b5f00e8965c95828
-
SSDEEP
49152:iZi5Wu7I/Bzfz/ZHg1pHtOUYqP3CFOrtG/RR9sXafgkDFMVR9C1UhPJXMK701hOq:iI5Wt/BzfzW1t0xOouBiCV2Hp
Malware Config
Targets
-
-
Target
2024-09-30_bc64976c095fb66a8b7ff82692d46d11_bkransomware_floxif_hijackloader
-
Size
3.4MB
-
MD5
bc64976c095fb66a8b7ff82692d46d11
-
SHA1
d6beb324e6f6058dd4b3902cd907191ce991bfdf
-
SHA256
2c3d48205a200f13cec47f2b9873f24f07bd41f8884b6713d61d150aa291ad5d
-
SHA512
61eb7f3fab9bac87e2fc0fa9b045cfe58000bc3798b6c663542766d4fd0185ec174c0caaa0b57a4fe9a9bef7cadd53a50b40beabb86630f7b5f00e8965c95828
-
SSDEEP
49152:iZi5Wu7I/Bzfz/ZHg1pHtOUYqP3CFOrtG/RR9sXafgkDFMVR9C1UhPJXMK701hOq:iI5Wt/BzfzW1t0xOouBiCV2Hp
Score10/10-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1