General
Target: 9b877d63088137a893a8b4b9f6774b25f7f9edaa6345e09130b3d18dcbed2ff7
Size: 235KB
Sample: 210402-66bxra8d12
MD5: 85fe410ff23b4ef7db799ecdf574dd91
SHA1: cc2f06865ba59951ccfadc30f003ee7f768dd562
SHA256: 9b877d63088137a893a8b4b9f6774b25f7f9edaa6345e09130b3d18dcbed2ff7
SHA512: 90f29a7f3f721e267ab78c934c8984e994ba038c8cf850f3028503bf2c249bf1adb3527ac52a0b8dd579e2010b1120f575f0da665e5c5f2be95d079e4fcb504e
Static task: static1
Behavioral task: behavioral1
Sample: 9b877d63088137a893a8b4b9f6774b25f7f9edaa6345e09130b3d18dcbed2ff7.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 9b877d63088137a893a8b4b9f6774b25f7f9edaa6345e09130b3d18dcbed2ff7.exe
Resource: win10v20201028
Malware Config
Extracted
Protocol: ftp
Host: 86.105.252.166
Port: 21
Username: mirkosirko
Password: mirkosirko@pigmo
Targets
Target: 9b877d63088137a893a8b4b9f6774b25f7f9edaa6345e09130b3d18dcbed2ff7
Score: 10/10
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2