General
-
Target
cd6fa1dcd6e80e2f64692ff90b25c1add8f40d5468624a16f2b19e5ef739b571
-
Size
3.4MB
-
Sample
250207-cpngkavna1
-
MD5
05dbee0d76e3cc943c1f4b86d94ee4f0
-
SHA1
0becbd2e4b6dcfe10e889b0afe30acd746b58e87
-
SHA256
cd6fa1dcd6e80e2f64692ff90b25c1add8f40d5468624a16f2b19e5ef739b571
-
SHA512
9f7646971c7ec5024780a2eebbfeda36871677377ded3746a03f16084c1e317f7d6174c13c39b167ce2a2c25e49c97b7937eb6554dd045684eba93af69a23e0c
-
SSDEEP
49152:62XX9nMhH9HpVYZ0CSf1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701K:62XX96HhpVYZo1t0xOoGBiCV2HmdR
Static task
static1
Behavioral task
behavioral1
Sample
cd6fa1dcd6e80e2f64692ff90b25c1add8f40d5468624a16f2b19e5ef739b571.exe
Resource
win7-20241010-en
Malware Config
Targets
-
Floxif family
-
Detects Floxif payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry (1)
Subvert Trust Controls (1)
Install Root Certificate (1)