General

  • Target

    2024-12-20_06e4c00a7930bed72d28d32592b5c908_bkransomware_floxif

  • Size

    4.7MB

  • Sample

    241220-j9j37stnfw

  • MD5

    06e4c00a7930bed72d28d32592b5c908

  • SHA1

    c13c125f76e52c2d979706d730fad6b58ed67406

  • SHA256

    2bfb82a8c64cafabfbbe50fa95781c1fcda2294ead0fb0dc7a2b87ca118cac48

  • SHA512

    f51af39a10f20b181207f9bd0987cb20cff013ea7fc303f69de6cd70314c3088c9cf80b8e5ad08dd5829c81afe1b7b9d19ba97abbf3fcff19d1bb752d07d4e3d

  • SSDEEP

    98304:tBe40bl9dRPenSX5gSoCC0DHDB1dE46V3u/s:a3NenqC8L/s

Malware Config

Targets

    • Target

      2024-12-20_06e4c00a7930bed72d28d32592b5c908_bkransomware_floxif

    • Floxif family

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a DLL protected with ACProtect versions 1.3x to 1.4x.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
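
The two findings above that a responder would most want to verify on a host, AppInit DLL persistence and UPX packing, as an added Python example that is not part of this report or of the sandbox's own signatures. The registry export, the DLL path C:\ProgramData\payload.dll and the PE skeleton are all constructed for the example; the report does not say where Floxif writes its DLL or which registry value it sets. The packer check only looks at section names, so it finds stock UPX and misses a UPX build that renames its sections.

```python
"""Triage helpers for two findings in the report: AppInit_DLLs persistence
(ATT&CK T1546.010) and UPX packing. Added example; every input is constructed."""
import hashlib
import re
import struct

# Windows loads each DLL listed in AppInit_DLLs into every process that maps
# user32.dll, but only while LoadAppInit_DLLs is 1. Both the native and the
# WOW64 (32-bit) views of the key must be checked.
APPINIT_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)

# Constructed .reg export (as produced by `reg export`), not taken from the sample.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\ProgramData\\payload.dll"
"LoadAppInit_DLLs"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000
'''


def parse_reg_export(text):
    """Parse a .reg export into {key: {value_name: raw_data}} (string and dword values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            keys[current][name.strip('"')] = data
    return keys


def appinit_findings(reg_text):
    """Return (key, dll_path) pairs for DLLs Windows would actually load system-wide."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if key not in APPINIT_KEYS:
            continue
        enabled = values.get("LoadAppInit_DLLs", "dword:00000000").lower() == "dword:00000001"
        dlls = values.get("AppInit_DLLs", '""').strip('"')
        if enabled and dlls:
            # The value is a space- or comma-separated list; .reg doubles backslashes.
            for dll in re.split(r"[ ,]+", dlls):
                if dll:
                    findings.append((key, dll.replace("\\\\", "\\")))
    return findings


def section_names(pe):
    """Walk DOS header -> PE signature -> COFF header -> section table, returning section names."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]       # NumberOfSections
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]          # SizeOfOptionalHeader
    table = coff + 20 + size_opt
    return [pe[table + 40 * i: table + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
            for i in range(num_sections)]


def looks_upx_packed(pe):
    """Stock UPX names its sections UPX0/UPX1 (plus .rsrc); a renamed build defeats this check."""
    return any(name.startswith("UPX") for name in section_names(pe))


def build_fake_pe(names):
    """Smallest PE skeleton whose section table carries `names` (constructed input, not loadable)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                          # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x0102)  # i386, no optional header
    sections = b"".join(struct.pack("<8s32x", n.encode("ascii")) for n in names)
    return bytes(dos) + b"PE\0\0" + coff + sections


def file_hashes(data):
    """MD5/SHA1/SHA256 of a blob, to cross-check a local copy against the hashes in the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    for key, dll in appinit_findings(SAMPLE_REG):
        print(f"AppInit DLL loaded into every user32 process via {key}: {dll}")
    print("UPX sections present:", looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
```

On a live host, feed `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" out.reg` (and the Wow6432Node key) to appinit_findings, and pass the bytes of a suspect file to looks_upx_packed and file_hashes.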

MITRE ATT&CK Enterprise v15
