General
-
Target
09c2c9134b76b67cc412cfec9f6da6b4384a265e088c1b4dd7f8390614f6f957N.exe
-
Size
197KB
-
Sample
250205-bnst8atmem
-
MD5
ab11e14712b8eefde139fa5169127780
-
SHA1
38ffdc09e855876881079895e6d97d700dc8674d
-
SHA256
09c2c9134b76b67cc412cfec9f6da6b4384a265e088c1b4dd7f8390614f6f957
-
SHA512
30ebf89a057906db78106be4974f6b6a0bf2288ae3956a910139ca141d947c5651a44a33542ad44c015ef8e860073678a86271bced68255ffcb3d33fea878de2
-
SSDEEP
6144:T2VH0SLpXCFCcgEwT6+gXEwT6+gXkEBV+UdvrEFp7hK1nw:iVH0S0FC1S5EBjvrEH7gw
Malware Config
Targets
-
-
Target
09c2c9134b76b67cc412cfec9f6da6b4384a265e088c1b4dd7f8390614f6f957N.exe
-
Size
197KB
-
MD5
ab11e14712b8eefde139fa5169127780
-
SHA1
38ffdc09e855876881079895e6d97d700dc8674d
-
SHA256
09c2c9134b76b67cc412cfec9f6da6b4384a265e088c1b4dd7f8390614f6f957
-
SHA512
30ebf89a057906db78106be4974f6b6a0bf2288ae3956a910139ca141d947c5651a44a33542ad44c015ef8e860073678a86271bced68255ffcb3d33fea878de2
-
SSDEEP
6144:T2VH0SLpXCFCcgEwT6+gXEwT6+gXkEBV+UdvrEFp7hK1nw:iVH0S0FC1S5EBjvrEH7gw
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-