General
-
Target
2024-12-13_44aa22808b1b213388579c9489b33ecf_bkransomware_floxif_hijackloader
-
Size
14.4MB
-
Sample
241213-pntneaznhp
-
MD5
44aa22808b1b213388579c9489b33ecf
-
SHA1
43d0dd08957b8c9890186e174bf1fbf003c5b7e7
-
SHA256
4c58ffa3902b87d8290cb04b80790235ad03b093ec1ff32d67b382506943cd8b
-
SHA512
1414ab6e4d7d038b5445428129eb8c7336b0b33bce1998e7a7cc0a232cf5b2814bf448f6a69a9df0f28ddb8c31584dc8839061653eb00a4a075ef012628d83cd
-
SSDEEP
98304:8TVtQIZETGdOfW0+bs0ZmjBjcaw2lsuze/iBXsLVMZHvOyGCPvPZVDByQNdXCd01:8bt30t0u/Zk2JXCd0LWkVgeXSK
Malware Config
Targets
-
-
Target
2024-12-13_44aa22808b1b213388579c9489b33ecf_bkransomware_floxif_hijackloader
-
Size
14.4MB
-
MD5
44aa22808b1b213388579c9489b33ecf
-
SHA1
43d0dd08957b8c9890186e174bf1fbf003c5b7e7
-
SHA256
4c58ffa3902b87d8290cb04b80790235ad03b093ec1ff32d67b382506943cd8b
-
SHA512
1414ab6e4d7d038b5445428129eb8c7336b0b33bce1998e7a7cc0a232cf5b2814bf448f6a69a9df0f28ddb8c31584dc8839061653eb00a4a075ef012628d83cd
-
SSDEEP
98304:8TVtQIZETGdOfW0+bs0ZmjBjcaw2lsuze/iBXsLVMZHvOyGCPvPZVDByQNdXCd01:8bt30t0u/Zk2JXCd0LWkVgeXSK
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
A potential corporate email address has been identified in the URL: [email protected]
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1