General

  • Target

    2025-05-29_02d4577487d3d3e6651400747322e4a4_black-basta_elex_floxif_luca-stealer

  • Size

    268KB

  • Sample

    250529-qplvmafk41

  • MD5

    02d4577487d3d3e6651400747322e4a4

  • SHA1

    3a5893d0ddd390b298121f4a1e5e222dd8095c40

  • SHA256

    f8c6ee973adb67ec20e375077b1cecb4d38732d972d40241ba75b4f834825bdb

  • SHA512

    414073cb303634ccd09db6061450202cb98566f447f97825113d48b1b29f145c0967d87a65b76e899e01e033ca23325c786c536b1a9ab5efcdbed647ad3d6076

  • SSDEEP

    3072:OA/cdv7411xlZ9NCLi7+T6e0Q2vKH2wlz2lQBV+UdE+rECWp7hK7Q:O44T4Vf9i2wl3BV+UdvrEFp7hKs

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

    • Detects Floxif payload

    • Renames multiple (190) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Downloads MZ/PE file

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file packed or protected with ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v16

Tasks