General
-
Target
2025-01-08_40a625d0783962f9f9388edecd63150f_avoslocker_cobalt-strike_floxif_luca-stealer
-
Size
224KB
-
Sample
250108-w9vk6aykat
-
MD5
40a625d0783962f9f9388edecd63150f
-
SHA1
15322a7a8083722b026a9bbc1eb1d743372b1c37
-
SHA256
7fcc99ddb252e746d4368662ddeb8edd805bbfdccecb375a79c09e06d5e07ad2
-
SHA512
0a959b0337bff554be2b3d4ef471321962b0bd38a8315d2f0ab1382ae807aea03291840e849aa808de41b67c7676b2e02f739299ea6045ab045150d66b7641e5
-
SSDEEP
6144:ayC2zi7ajvRc30KZH2FaLw9hH4JdBV+UdvrEFp7hKO:ayC2zi+jv8O9hH4JdBjvrEH7d
Malware Config
Targets
-
-
Target
2025-01-08_40a625d0783962f9f9388edecd63150f_avoslocker_cobalt-strike_floxif_luca-stealer
-
Size
224KB
-
MD5
40a625d0783962f9f9388edecd63150f
-
SHA1
15322a7a8083722b026a9bbc1eb1d743372b1c37
-
SHA256
7fcc99ddb252e746d4368662ddeb8edd805bbfdccecb375a79c09e06d5e07ad2
-
SHA512
0a959b0337bff554be2b3d4ef471321962b0bd38a8315d2f0ab1382ae807aea03291840e849aa808de41b67c7676b2e02f739299ea6045ab045150d66b7641e5
-
SSDEEP
6144:ayC2zi7ajvRc30KZH2FaLw9hH4JdBV+UdvrEFp7hKO:ayC2zi+jv8O9hH4JdBjvrEH7d
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-