General
-
Target
2024-12-30_fa94551b88d45da40e05a409eb1d40fc_avoslocker_floxif_luca-stealer
-
Size
1008KB
-
Sample
241230-rr5wysxkhj
-
MD5
fa94551b88d45da40e05a409eb1d40fc
-
SHA1
ee6a013d07a2aaf0c534e1693352641ba9310131
-
SHA256
8ad0fdcd8b84863247e28e46411ccf9873a34e0647a1facf39fe4847f88e4be4
-
SHA512
aa2e46ea20009d55bae9f83fe042e742d5d2a682cdd729bc9bea53e0e757635217c14f81c48a72c0117c94febfd0db625bb165c05a4a4487a406ec4f4b7302dd
-
SSDEEP
12288:Ftoj3+iKGi7YqGGBFoucexZyEmB3iTUU0kxi9jP8arunAms7SlNvokpCmkMGKmum:j03hEYqxqn1rEH7fSr
Static task
static1
Behavioral task
behavioral1
Sample
2024-12-30_fa94551b88d45da40e05a409eb1d40fc_avoslocker_floxif_luca-stealer.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
2024-12-30_fa94551b88d45da40e05a409eb1d40fc_avoslocker_floxif_luca-stealer
-
Floxif family
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-