General
Target: 2025-04-03_38058339fdd2912c35147a02d93fd036_black-basta_floxif_luca-stealer_remcos_rhadamanthys
Size: 16.8MB
Sample: 250403-3kam1synw4
MD5: 38058339fdd2912c35147a02d93fd036
SHA1: 7ce1111ba299613a6873d0427caca1979bd69504
SHA256: 372362b50557bf678a924d340f17399f8595a78ef51bba706b04571718b1c851
SHA512: 8604e3078f41a48c83d4c0bd422aca935fb6e3012cd86d7d68251d04858ffd25ed2b3da92069a711f52f321f977f1bec5a9977eb81c9324ba867e0bd5ce8e6d1
SSDEEP: 393216:KUfoCkhfO/zFXGW/F/P9wXiXzThtaio4JfRs9:pRkdObGXYzt4kRk
Static task: static1
Behavioral task: behavioral1
Sample: 2025-04-03_38058339fdd2912c35147a02d93fd036_black-basta_floxif_luca-stealer_remcos_rhadamanthys.exe
Resource: win10v2004-20250314-en
Malware Config
Extracted: https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api/v2/C2RReleaseData
Targets
Target: 2025-04-03_38058339fdd2912c35147a02d93fd036_black-basta_floxif_luca-stealer_remcos_rhadamanthys (16.8MB; hashes as listed under General above)
- Floxif family
- Detects Floxif payload
- Blocklisted process makes network request
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.