General
-
Target
2024-11-09_8c1e2481768c32f4ae96ba0e9e58d1fb_bkransomware_floxif
-
Size
5.3MB
-
Sample
241109-pqt2ysvbka
-
MD5
8c1e2481768c32f4ae96ba0e9e58d1fb
-
SHA1
c76f167e35d1e5ddd2e27f577ebb784892c76482
-
SHA256
997e3463d06006086697f665953a5a62d7774c42d0b5d2dabdd7ab9c68eb6282
-
SHA512
9ffb3cb8d620206aa3685bb5ab47339441312d93f43d88b690d030fede29f8c52a71c2ee8c1135317d2c4535b91d3bef17ef0d14dba73e82a2a64c817f70f444
-
SSDEEP
98304:mbJ+/IoO2CWYG3vetHqzvaDEe35VMoORFLOAkGkzdnEVomFHKnPzv:mbJH2nNvel35VMdFLOyomFHKnPzv
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-09_8c1e2481768c32f4ae96ba0e9e58d1fb_bkransomware_floxif.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-11-09_8c1e2481768c32f4ae96ba0e9e58d1fb_bkransomware_floxif.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Floxif family
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-