General
-
Target
2024-12-10_7394131db0517873d7b3a88c634cf321_bkransomware_floxif_hijackloader
-
Size
14.4MB
-
Sample
241210-pprkfazrbp
-
MD5
7394131db0517873d7b3a88c634cf321
-
SHA1
0ba8e47cb1f98a1b3868c85f3e8c8b03b03186d7
-
SHA256
1fcd5d9317b5c6945085d314257e537583200e9a15227a513682337d5722655e
-
SHA512
efc1d71113f1a16d2c42adcff2c08e7d3b0b352df1e3b77571ec83f12ae5bd0616f0cae3621a676e8442c3dc39489065d0ac9f5ce30888095d7146ff2fce6b1e
-
SSDEEP
98304:8TstQIZETGdOfW0+bs0ZmjBjcaw2lsuze/iBXsLVMZHvOyGCPvPZsDByQNdXCd0I:8It30t0u/Zk2OXCd0LWkVgeXS7
Malware Config
Targets
-
-
Target
2024-12-10_7394131db0517873d7b3a88c634cf321_bkransomware_floxif_hijackloader
-
Size
14.4MB
-
MD5
7394131db0517873d7b3a88c634cf321
-
SHA1
0ba8e47cb1f98a1b3868c85f3e8c8b03b03186d7
-
SHA256
1fcd5d9317b5c6945085d314257e537583200e9a15227a513682337d5722655e
-
SHA512
efc1d71113f1a16d2c42adcff2c08e7d3b0b352df1e3b77571ec83f12ae5bd0616f0cae3621a676e8442c3dc39489065d0ac9f5ce30888095d7146ff2fce6b1e
-
SSDEEP
98304:8TstQIZETGdOfW0+bs0ZmjBjcaw2lsuze/iBXsLVMZHvOyGCPvPZsDByQNdXCd0I:8It30t0u/Zk2OXCd0LWkVgeXS7
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
A potential corporate email address has been identified in the URL: [email protected]
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1