General
-
Target
f8c3b043af4a5e5ba484c366bb0bcf643b265cd7edcf1d41d5d069d02a29ad57
-
Size
1.4MB
-
Sample
241212-fnrdlswkdr
-
MD5
f092acde702fdacf415d10509eef8701
-
SHA1
6c5b8fa2d16c61bd0bc5bc7f73db00a790f208f8
-
SHA256
f8c3b043af4a5e5ba484c366bb0bcf643b265cd7edcf1d41d5d069d02a29ad57
-
SHA512
a30dea6055d5a9560343984e7189ce1fce0ce8b6cf352f63a4fbf8beaca614fb273b1b3399ddf4c2d92d0bebcff025022e3849d3d9a54fb04411c9e4c160b0b1
-
SSDEEP
24576:jLsgtxjqgr9vP0ofHXacAZdevw5dpow8OyqDEsTrAci8RhV6P2s3JkhbxLervrEd:jljwcKMvw/pocBHTvi8RhV6P2s3KxeI
Malware Config
Targets
-
-
Target
f8c3b043af4a5e5ba484c366bb0bcf643b265cd7edcf1d41d5d069d02a29ad57
-
Size
1.4MB
-
MD5
f092acde702fdacf415d10509eef8701
-
SHA1
6c5b8fa2d16c61bd0bc5bc7f73db00a790f208f8
-
SHA256
f8c3b043af4a5e5ba484c366bb0bcf643b265cd7edcf1d41d5d069d02a29ad57
-
SHA512
a30dea6055d5a9560343984e7189ce1fce0ce8b6cf352f63a4fbf8beaca614fb273b1b3399ddf4c2d92d0bebcff025022e3849d3d9a54fb04411c9e4c160b0b1
-
SSDEEP
24576:jLsgtxjqgr9vP0ofHXacAZdevw5dpow8OyqDEsTrAci8RhV6P2s3JkhbxLervrEd:jljwcKMvw/pocBHTvi8RhV6P2s3KxeI
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Blocklisted process makes network request
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-