General

  • Target

    2024-11-09_8c1e2481768c32f4ae96ba0e9e58d1fb_bkransomware_floxif

  • Size

    5.3MB

  • Sample

    241109-pqt2ysvbka

  • MD5

    8c1e2481768c32f4ae96ba0e9e58d1fb

  • SHA1

    c76f167e35d1e5ddd2e27f577ebb784892c76482

  • SHA256

    997e3463d06006086697f665953a5a62d7774c42d0b5d2dabdd7ab9c68eb6282

  • SHA512

    9ffb3cb8d620206aa3685bb5ab47339441312d93f43d88b690d030fede29f8c52a71c2ee8c1135317d2c4535b91d3bef17ef0d14dba73e82a2a64c817f70f444

  • SSDEEP

    98304:mbJ+/IoO2CWYG3vetHqzvaDEe35VMoORFLOAkGkzdnEVomFHKnPzv:mbJH2nNvel35VMdFLOyomFHKnPzv

Malware Config

Targets

    • Target

      2024-11-09_8c1e2481768c32f4ae96ba0e9e58d1fb_bkransomware_floxif

    • Size

      5.3MB

    • MD5

      8c1e2481768c32f4ae96ba0e9e58d1fb

    • SHA1

      c76f167e35d1e5ddd2e27f577ebb784892c76482

    • SHA256

      997e3463d06006086697f665953a5a62d7774c42d0b5d2dabdd7ab9c68eb6282

    • SHA512

      9ffb3cb8d620206aa3685bb5ab47339441312d93f43d88b690d030fede29f8c52a71c2ee8c1135317d2c4535b91d3bef17ef0d14dba73e82a2a64c817f70f444

    • SSDEEP

      98304:mbJ+/IoO2CWYG3vetHqzvaDEe35VMoORFLOAkGkzdnEVomFHKnPzv:mbJH2nNvel35VMdFLOyomFHKnPzv

    • Floxif family

    • Floxif, Floodfix

      Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks