General
-
Target
2024-11-11_5fe9835021577056f44d26ca70583ecc_bkransomware_floxif_hijackloader
-
Size
14.4MB
-
Sample
241111-plxx2ssngk
-
MD5
5fe9835021577056f44d26ca70583ecc
-
SHA1
0fbffe6f0dcf317e4e54e0c8cf34d75ba6e01f6e
-
SHA256
97c6c3576c4bb4b0cb8e61b9aba3d7f1f5f8fa45accb705acff6e478c91a828c
-
SHA512
d0dbad9663e3f1afb4bbdbc7473300220011f4a4a0b19937b69bd1a66abfecde45d5fe9ef20da3fc8cce52f267e7d2fb6766c5f48a09704210d30d0457a955d8
-
SSDEEP
98304:8T8tQIZETGdOfW0+bs0ZmjBjcaw2lsuze/iBXsLVMZHvOyGCPvPZBDByQNdXCd0s:8gt30t0u/Zk2VXCd0LWkVgeXSf
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-11_5fe9835021577056f44d26ca70583ecc_bkransomware_floxif_hijackloader.exe
Resource
win7-20241010-en
Malware Config
Targets
-
Floxif family
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-