General

  • Target

    2025-01-29_b6c117aa44f51d20be39164bcfb5a3b7_bkransomware_floxif

  • Size

    4.7MB

  • Sample

    250129-v5k1gstjhp

  • MD5

    b6c117aa44f51d20be39164bcfb5a3b7

  • SHA1

    f7981b26091d200f9ad3d65d80248ffbe2c6a4b7

  • SHA256

    9f157e4995fb9ab68182bfaad6272ea4f5d5288eb71e3dd8ea1049756abe0ece

  • SHA512

    28fcce6ce7dec7db12b1182e0d58570432a61df196e98e4e1a00ee7669de68fe288b8cb58f4a72c6b0e64617da8cf665e84368acdc6717cc27665f11cdb884c7

  • SSDEEP

    98304:kBe40bl9dFPenSX5gSoCR0DHDB1dE46V3u/u:h3JenqR8L/u

Targets

    • Floxif family

    • Floxif, FloodFix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15
