General
Target: 2024-12-31_c68ba3cef99ef682df1f70b82ca40f81_floxif_poet-rat_snatch
Size: 8.3MB
Sample: 241231-cdrpvayjcl
MD5: c68ba3cef99ef682df1f70b82ca40f81
SHA1: 444b9fe3b569e5e12fe8a4690beedb62f623747c
SHA256: ba3a5d58e92d21c326cb8fa2ff37071793e97640687abaeb200146a7059e126a
SHA512: 698604b6aff725f4b280ae372cded2c14c7feec9a8232c46976351bc9cf044d3cf2e7a2df99b4308b5d6521e20259792f599a350817987c3adf27830fd478c16
SSDEEP: 98304:n1eTNno6ndsjRN1dpQz+oopJ6ze8YCqDWecj5mNBMpOje:n1ANn/8jvpJQe8YceJBMMje
Static task: static1
Behavioral task: behavioral1
Sample: 2024-12-31_c68ba3cef99ef682df1f70b82ca40f81_floxif_poet-rat_snatch.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: 2024-12-31_c68ba3cef99ef682df1f70b82ca40f81_floxif_poet-rat_snatch
- Floxif family
- Detects Floxif payload
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.