General
-
Target
2025-01-09_815b358f5d2025036ec3aaec288b98d6_avoslocker_cobalt-strike_floxif_luca-stealer
-
Size
224KB
-
Sample
250109-waeqnaxrgj
-
MD5
815b358f5d2025036ec3aaec288b98d6
-
SHA1
7df428f86863f6482738233d526e9e8f306d5166
-
SHA256
69dbb12e0280a42f3b98b2b42a6aa0610a8c2d67724fa44d062a7592f940640e
-
SHA512
82e8f0c5b7241774c513f988bd2de86a6d446798ece57dc7ee0592f08e0f8f3831bac0ffd23d1be4778f2e413c76b61c3fb73c2664d75097dcf2ca5f07411d71
-
SSDEEP
6144:ayD2zi7aN0RcGLKZH2FaLw9hH4JdBV+UdvrEFp7hKRof:ayD2zi+N0f9hH4JdBjvrEH77f
Malware Config
Targets
-
-
Target
2025-01-09_815b358f5d2025036ec3aaec288b98d6_avoslocker_cobalt-strike_floxif_luca-stealer
-
Size
224KB
-
MD5
815b358f5d2025036ec3aaec288b98d6
-
SHA1
7df428f86863f6482738233d526e9e8f306d5166
-
SHA256
69dbb12e0280a42f3b98b2b42a6aa0610a8c2d67724fa44d062a7592f940640e
-
SHA512
82e8f0c5b7241774c513f988bd2de86a6d446798ece57dc7ee0592f08e0f8f3831bac0ffd23d1be4778f2e413c76b61c3fb73c2664d75097dcf2ca5f07411d71
-
SSDEEP
6144:ayD2zi7aN0RcGLKZH2FaLw9hH4JdBV+UdvrEFp7hKRof:ayD2zi+N0f9hH4JdBjvrEH77f
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-