General

Target: 2024-12-12_4ba01fb6736d7eba31916e90603e7399_bkransomware_floxif
Size: 12.4MB
Sample: 241212-f3ch1askbv
MD5: 4ba01fb6736d7eba31916e90603e7399
SHA1: e658379e9433f9de520bc52d2d2e4fb473434eee
SHA256: 98e17929bd89d7ec162b1ef16be8c101bdd6b50a4bc301be3e66f839e3c6ef18
SHA512: 0cadd43dec996186767b19f1d3c73f9ab5658fe71ed26d74438e5857c94a993f38cb928bf535680960359a4840da54952cf067e7e33885daa600db8d5fd1c54e
SSDEEP: 98304:NrHqmH10K96SwYIctkdjDDAOfDQter0vobgKznixRuaa5lQTQYbMAiOWqfnPoR6V:NlEXYkda+fziq5lQQYbMAimgeXSg9
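To confirm that a locally obtained copy is the sample this report describes, the digests above can be recomputed and compared before any analysis starts. The following is an added example, not tria.ge's own tooling; it uses only the Python standard library, so the SSDEEP value is not checked (ssdeep is not available there), and the `REPORTED` dictionary simply carries the report's values.

```python
import hashlib
import io

# Digests copied from the report above. ssdeep is left out because it is not in the
# standard library; compare that one with the ssdeep tool separately.
REPORTED = {
    "md5": "4ba01fb6736d7eba31916e90603e7399",
    "sha1": "e658379e9433f9de520bc52d2d2e4fb473434eee",
    "sha256": "98e17929bd89d7ec162b1ef16be8c101bdd6b50a4bc301be3e66f839e3c6ef18",
    "sha512": "0cadd43dec996186767b19f1d3c73f9ab5658fe71ed26d74438e5857c94a993f"
              "38cb928bf535680960359a4840da54952cf067e7e33885daa600db8d5fd1c54e",
}


def digests(data, algorithms=("md5", "sha1", "sha256", "sha512"), chunk_size=1 << 20):
    """Hash bytes or a binary stream once, feeding every requested digest from the same chunks."""
    stream = io.BytesIO(data) if isinstance(data, (bytes, bytearray)) else data
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(data, expected=REPORTED):
    """Return {algorithm: matched} for each algorithm in `expected`.

    All True means the local bytes are the reported sample; hex case is ignored.
    """
    actual = digests(data, algorithms=tuple(expected))
    return {name: actual[name] == expected[name].lower() for name in expected}


def verify_file(path, expected=REPORTED):
    """Same check for a file on disk, read in 1 MiB chunks rather than loaded whole."""
    with open(path, "rb") as f:
        return verify(f, expected)


if __name__ == "__main__":
    import sys

    result = verify_file(sys.argv[1])
    for name, ok in result.items():
        print(f"{name:7} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

Run it as `python verify.py <sample.exe>`; a non-zero exit means at least one digest differs, which is the point at which the file should not be treated as the one analysed here.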
Static task: static1
Behavioral task: behavioral1
Sample: 2024-12-12_4ba01fb6736d7eba31916e90603e7399_bkransomware_floxif.exe
Resource: win7-20241023-en
Malware Config
Targets

Target: 2024-12-12_4ba01fb6736d7eba31916e90603e7399_bkransomware_floxif
- Floxif family
- Detects Floxif payload
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. DLLs listed in the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows are loaded into every process that loads user32.dll, but only while LoadAppInit_DLLs is enabled; on Windows 8 and later with Secure Boot on the mechanism is disabled entirely. The win7 sandbox environment used for this run has no such restriction.
- A potential corporate email address has been identified in the URL: [email protected]
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software. ACProtect is a commercial executable protector, so static signatures here ran against the protected image; unpack before static analysis.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread with ThreadInformationClass 0x11 (ThreadHideFromDebugger) stops the calling thread from reporting debug events to an attached debugger, a common anti-debugging and anti-sandbox trick.
MITRE ATT&CK Enterprise v15

Defense Evasion (count = matching signatures)
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
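The signatures above and the ATT&CK table are the sandbox's own findings. As an added example (not tria.ge's code), the following shows how such rules can be written against a sandbox API trace: a thread hidden from the debugger, a DLL that is written and then loaded, writes to the AppInit_DLLs value and to the machine ROOT certificate store, and root-path access on drives other than C:. The trace, its field names and the API and registry names used as indicators are this example's assumptions; the IDs for the report's Modify Registry and Install Root Certificate entries are T1112 and T1553.004, and the other technique mappings are this example's own.

```python
import json
import re

# ThreadInformationClass value for ThreadHideFromDebugger. A thread with this flag set
# stops reporting debug events to an attached debugger, so the call itself is a signal.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry locations behind two of the report's findings (Windows key names, assumed
# indicators for this example): the AppInit_DLLs key (also matches the Wow6432Node
# copy, since the pattern is anchored only at the end) and the machine ROOT store,
# where each certificate lives under its SHA-1 thumbprint.
APPINIT_KEY = re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Windows$", re.I)
ROOT_STORE_KEY = re.compile(r"\\SystemCertificates\\Root\\Certificates\\[0-9A-F]{40}$", re.I)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\\*?$", re.I)  # "D:\" or "D:\*"

REG_WRITE_APIS = {"RegSetValueExA", "RegSetValueExW", "NtSetValueKey"}
FILE_WRITE_APIS = {"WriteFile", "NtWriteFile"}
LOAD_APIS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW", "LdrLoadDll"}
ROOT_PATH_APIS = {"GetDriveTypeW", "GetVolumeInformationW", "FindFirstFileW", "CreateFileW"}

# Constructed trace for this example (not the real run's log): one JSON object per
# line, shaped like a sandbox API log. Field names and paths are this example's own.
SAMPLE_TRACE = r'''
{"pid": 1204, "api": "NtSetInformationThread", "args": {"ThreadInformationClass": 17}}
{"pid": 1204, "api": "WriteFile", "args": {"path": "C:\\ProgramData\\symsrv.dll"}}
{"pid": 1204, "api": "LoadLibraryW", "args": {"path": "C:\\ProgramData\\symsrv.dll"}}
{"pid": 1204, "api": "RegSetValueExW", "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows", "value": "AppInit_DLLs", "data": "C:\\ProgramData\\symsrv.dll"}}
{"pid": 1204, "api": "RegSetValueExW", "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\Certificates\\0123456789ABCDEF0123456789ABCDEF01234567", "value": "Blob", "data": "<bytes>"}}
{"pid": 1204, "api": "GetDriveTypeW", "args": {"path": "C:\\"}}
{"pid": 1204, "api": "GetDriveTypeW", "args": {"path": "D:\\"}}
{"pid": 1204, "api": "FindFirstFileW", "args": {"path": "E:\\*"}}
{"pid": 1204, "api": "RegSetValueExW", "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "value": "EnableLUA", "data": 0}}
'''


def parse_trace(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def run_rules(events):
    """Apply the rules in trace order and return unique (signature, technique) hits."""
    hits = []
    dropped = set()        # lower-cased paths the sample wrote, for "Loads dropped DLL"
    foreign_roots = set()  # drive letters other than C: whose root path was touched

    def add(signature, technique):
        if (signature, technique) not in hits:
            hits.append((signature, technique))

    for ev in events:
        api = ev.get("api", "")
        args = ev.get("args", {})
        path = args.get("path", "")

        if api == "NtSetInformationThread" and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            add("Suspicious use of NtSetInformationThreadHideFromDebugger", "T1622")
        elif api in FILE_WRITE_APIS and path.lower().endswith(".dll"):
            dropped.add(path.lower())
        elif api in LOAD_APIS and path.lower() in dropped:
            add("Loads dropped DLL", None)  # the report maps no technique to this one
        elif api in REG_WRITE_APIS:
            key = args.get("key", "")
            value = args.get("value", "").lower()
            if APPINIT_KEY.search(key) and value in ("appinit_dlls", "loadappinit_dlls"):
                add("Event Triggered Execution: AppInit DLLs", "T1546.010")
            elif ROOT_STORE_KEY.search(key) and value == "blob":
                add("Install Root Certificate", "T1553.004")
            elif key.upper().startswith("HKLM\\"):
                add("Modify Registry", "T1112")  # any other machine-wide write
        elif api in ROOT_PATH_APIS:
            m = DRIVE_ROOT.match(path)
            if m and m.group(1).upper() != "C":
                foreign_roots.add(m.group(1).upper())

    if foreign_roots:
        add("Enumerates connected drives", "T1120")
    return hits


def attack_summary(hits):
    """Count hits per technique, the way the report's tactic table does."""
    counts = {}
    for _signature, technique in hits:
        if technique:
            counts[technique] = counts.get(technique, 0) + 1
    return counts


if __name__ == "__main__":
    found = run_rules(parse_trace(SAMPLE_TRACE))
    for signature, technique in found:
        print(f"{technique or '-':10} {signature}")
    print(attack_summary(found))
```

Run as-is to see the hits for the constructed trace; for a real export, point `parse_trace` at the log and adjust the field names. The "Loads dropped DLL" rule is stateful on purpose: it fires only for a path the same trace shows being written first, which is what separates a dropped component from a system DLL.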