9b877d63088137a893a8b4b9f6774b25f7f9edaa6345e09130b3d18dcbed2ff7 | Triage

Sharing

General

Target

9b877d63088137a893a8b4b9f6774b25f7f9edaa6345e09130b3d18dcbed2ff7
Size

235KB
Sample

210402-66bxra8d12
MD5

85fe410ff23b4ef7db799ecdf574dd91
SHA1

cc2f06865ba59951ccfadc30f003ee7f768dd562
SHA256

9b877d63088137a893a8b4b9f6774b25f7f9edaa6345e09130b3d18dcbed2ff7
SHA512

90f29a7f3f721e267ab78c934c8984e994ba038c8cf850f3028503bf2c249bf1adb3527ac52a0b8dd579e2010b1120f575f0da665e5c5f2be95d079e4fcb504e

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
86.105.252.166
Port:
21
Username:
mirkosirko
Password:
mirkosirko@pigmo

Targets

- Target
  
  9b877d63088137a893a8b4b9f6774b25f7f9edaa6345e09130b3d18dcbed2ff7
- Size
  
  235KB
- MD5
  
  85fe410ff23b4ef7db799ecdf574dd91
- SHA1
  
  cc2f06865ba59951ccfadc30f003ee7f768dd562
- SHA256
  
  9b877d63088137a893a8b4b9f6774b25f7f9edaa6345e09130b3d18dcbed2ff7
- SHA512
  
  90f29a7f3f721e267ab78c934c8984e994ba038c8cf850f3028503bf2c249bf1adb3527ac52a0b8dd579e2010b1120f575f0da665e5c5f2be95d079e4fcb504e
Score

10^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2