General
-
Target
2024-12-12_123f9e02e2a3598bd21b6fc7a7d2e633_bkransomware_floxif
-
Size
4.7MB
-
Sample
241212-ngkaqasla1
-
MD5
123f9e02e2a3598bd21b6fc7a7d2e633
-
SHA1
4c50eef87f051e09d978a7ce83f8fe5d5adc129b
-
SHA256
435ac3af7ab05ef8de79e5e8c3879828d31d2e563a632e7361577f823ac02c24
-
SHA512
8a100759e52b588b587d21e8a8a8d0a9534b408134902b9dd35c281ee330b35210c49051da811287289a22527578bf42afce3030558bc063068e7bf96b605709
-
SSDEEP
98304:kBe40bl9dRPenSX5gaoCX0DHDB1dE46V3u/c:h3NenKX8L/c
Malware Config
Targets
-
-
Target
2024-12-12_123f9e02e2a3598bd21b6fc7a7d2e633_bkransomware_floxif
-
Size
4.7MB
-
MD5
123f9e02e2a3598bd21b6fc7a7d2e633
-
SHA1
4c50eef87f051e09d978a7ce83f8fe5d5adc129b
-
SHA256
435ac3af7ab05ef8de79e5e8c3879828d31d2e563a632e7361577f823ac02c24
-
SHA512
8a100759e52b588b587d21e8a8a8d0a9534b408134902b9dd35c281ee330b35210c49051da811287289a22527578bf42afce3030558bc063068e7bf96b605709
-
SSDEEP
98304:kBe40bl9dRPenSX5gaoCX0DHDB1dE46V3u/c:h3NenKX8L/c
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-