General
-
Target
2024-12-12_2fc8e3ae9a9483500ecd4e52a19a65e8_avoslocker_cobalt-strike_floxif_luca-stealer
-
Size
665KB
-
Sample
241212-xf5ppsvpgq
-
MD5
2fc8e3ae9a9483500ecd4e52a19a65e8
-
SHA1
40ac9b4f18ea9a07e0e78c3d9463fa64a09eda4c
-
SHA256
b489697e467a719e5e518229bb2db28d959308e5434e421ba01a476a571a3767
-
SHA512
ff7d22c12f474fb9fc7d5e24c75f6fa3a2bba8d2e89773b2a0086fb2fd9b2dc39a71d4b16bc05dc3537098d8ae577e4b59d9782e7ecf205193b18906578af3a1
-
SSDEEP
12288:XubXccafJcLlnpD0QwnVWqqPIBONhxsU/EbBjvrEH7N:Xurn9vXr/xsU/EhrEH7N
Malware Config
Targets
-
-
Target
2024-12-12_2fc8e3ae9a9483500ecd4e52a19a65e8_avoslocker_cobalt-strike_floxif_luca-stealer
-
Size
665KB
-
MD5
2fc8e3ae9a9483500ecd4e52a19a65e8
-
SHA1
40ac9b4f18ea9a07e0e78c3d9463fa64a09eda4c
-
SHA256
b489697e467a719e5e518229bb2db28d959308e5434e421ba01a476a571a3767
-
SHA512
ff7d22c12f474fb9fc7d5e24c75f6fa3a2bba8d2e89773b2a0086fb2fd9b2dc39a71d4b16bc05dc3537098d8ae577e4b59d9782e7ecf205193b18906578af3a1
-
SSDEEP
12288:XubXccafJcLlnpD0QwnVWqqPIBONhxsU/EbBjvrEH7N:Xurn9vXr/xsU/EhrEH7N
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-