General
-
Target
2024-12-23_5580778d6130d737fdd370ba1bd834ce_bkransomware_floxif
-
Size
1.9MB
-
Sample
241223-ar7l4ssmey
-
MD5
5580778d6130d737fdd370ba1bd834ce
-
SHA1
98d0153d6b9c1ab86653caea289b61d6f83d6951
-
SHA256
ef78c3f17a9e3bf154166d400f36a2d8a85623d55e06fe63f6ccdb52a0b41644
-
SHA512
2b99d84055b5568f8a357be4afad17ba3e96ecd4a518b50baadf0ec9bc248897a4cbaeb3d6f186b7c46412b9c4d7aaf0dc933a7591842add7652d27fe5b4fc29
-
SSDEEP
49152:vUtFJMs/8OdZ9S7HV6lobLZ0H/Kl8jINUQxDnOmwmNS7R9kWnI:8tnMs/8OH9MV6loHZ0a88NbDnOmwmcI
Malware Config
Targets
-
-
Target
2024-12-23_5580778d6130d737fdd370ba1bd834ce_bkransomware_floxif
-
Size
1.9MB
-
MD5
5580778d6130d737fdd370ba1bd834ce
-
SHA1
98d0153d6b9c1ab86653caea289b61d6f83d6951
-
SHA256
ef78c3f17a9e3bf154166d400f36a2d8a85623d55e06fe63f6ccdb52a0b41644
-
SHA512
2b99d84055b5568f8a357be4afad17ba3e96ecd4a518b50baadf0ec9bc248897a4cbaeb3d6f186b7c46412b9c4d7aaf0dc933a7591842add7652d27fe5b4fc29
-
SSDEEP
49152:vUtFJMs/8OdZ9S7HV6lobLZ0H/Kl8jINUQxDnOmwmNS7R9kWnI:8tnMs/8OH9MV6loHZ0a88NbDnOmwmcI
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-