Overview (overview): score 10/10
Static (static)
FTPSet.exe (windows7_x64): score 10/10
FTPSet.exe (windows10-2004_x64): score 10/10
FtpSrv.exe (windows7_x64): score 10/10
FtpSrv.exe (windows10-2004_x64): score 10/10
QB903D.exe (windows7_x64): score 1/10
QB903D.exe (windows10-2004_x64): score 1/10
ecgdb.exe (windows7_x64): score 1/10
ecgdb.exe (windows10-2004_x64): score 1/10
ecgpaint.exe (windows7_x64): score 10/10
ecgpaint.exe (windows10-2004_x64): score 10/10
imgctl.dll (windows7_x64): score 10/10
imgctl.dll (windows10-2004_x64): score 10/10
sysdef.dll (windows7_x64): score 10/10
sysdef.dll (windows10-2004_x64): score 10/10
tcpip.exe (windows7_x64): score 10/10
tcpip.exe (windows10-2004_x64): score 10/10
General
-
Target
1.zip
-
Size
1.2MB
-
Sample
220616-cswmcafehr
-
MD5
3c56a7bf04bad7f85cf469e35c305358
-
SHA1
21b4fa76aa403646f0dd79c70322299d695787ae
-
SHA256
c641a8d24354b0ed3cf3d21c21e8c6f58d969a667985f829edebbadcf84f32ec
-
SHA512
f03940882e949e19736de4652514fcf61c9865556e7a7f9bbbdf620db39c531fb2c2e6a92f6445a816e356c4dbaec3394f1e584420d25f4c9f6bda3acbc6c2a2
Static task
static1
Behavioral task
behavioral1
Sample
FTPSet.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
FTPSet.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
FtpSrv.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
FtpSrv.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
QB903D.exe
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
QB903D.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral7
Sample
ecgdb.exe
Resource
win7-20220414-en
Behavioral task
behavioral8
Sample
ecgdb.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral9
Sample
ecgpaint.exe
Resource
win7-20220414-en
Behavioral task
behavioral10
Sample
ecgpaint.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral11
Sample
imgctl.dll
Resource
win7-20220414-en
Behavioral task
behavioral12
Sample
imgctl.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral13
Sample
sysdef.dll
Resource
win7-20220414-en
Behavioral task
behavioral14
Sample
sysdef.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral15
Sample
tcpip.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
FTPSet.exe
-
Size
272KB
-
MD5
cd92ea901263b421bc4a45eae91b9272
-
SHA1
f5cecd22c4648121b356d3c0c991129479f00726
-
SHA256
5704a43364e711e80ab09c935b2075fef4c6e54738df7f7bed0f4289386405f4
-
SHA512
43e777d0b57b77062c8bfa1e0daa1626707b71854cd57fb2bcca4a09053b64491d1ec5e4fab80b0514af6f1daac58610d439e35d32bb71dd0806b378506b1528
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
FtpSrv.exe
-
Size
124KB
-
MD5
3d32a10d3505697451519ed9578e349c
-
SHA1
c02e2cf2c18da681c0556b3d9259400864c85cee
-
SHA256
31972345438e370070d128c0564e5f1d2008a23edbf94549246597ced5755340
-
SHA512
7e1466d9f200163b50a1d7c5efa9bb7e12289f2535603c49d5e78c834858b4522b76f68494f3904d02bd8862a30f8ae49224a8c376076953f5f1362fa5e931e2
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
QB903D.exe
-
Size
490KB
-
MD5
1aeaeebe597f1e5d23ec778db8c943b1
-
SHA1
5cec975541cd77f49a39ed280d3df5ccfc506a04
-
SHA256
fd5b86f95bbc56522ae5720454358dab015edf02253945f6ec84b923fbad5697
-
SHA512
4672d7e3901ebbe45b3c8207ebbb16055b88ba72fb0f959a9311c434ad4e2dab4493f003d597ebd3e44d0173a140047d1c7d3511965fdb0e98ba323b4df31b89
Score 1/10
-
-
-
Target
ecgdb.exe
-
Size
252KB
-
MD5
055214d1cc50f611b599cbd8debbf077
-
SHA1
7332eb0aadea8dc467cf5325c078fad30da00f48
-
SHA256
c33ad9c778ca78fb5c56a525c9e65a6ae9d730a09f2df6d1d87d9a398bf7b01b
-
SHA512
f39ee92e564513f865ef144239ae43a935451dd8452f6f553d60ff106ecae3dbb942b111c33da2b20632cdcf9acc548d1261fe054a734d0ae2e629ffdf3d1065
Score 1/10
-
-
-
Target
ecgpaint.exe
-
Size
656KB
-
MD5
7056f2f0f8555fed8cf99ec522d892aa
-
SHA1
a8bdca81025349245aecaf561d2c373ef5c0fd78
-
SHA256
9b621534e64ac9bdb30596c43633185a75593a2b400f32c184b4da607d121e2f
-
SHA512
a7921d4f02c0f03204424af46f95924fbd4a2cca627ff7bf48487807356d342b93d0a9071e6ccf1205686b8ebaf9767122c4c8c3216bf711b4d0a5130578ad96
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
imgctl.dll
-
Size
420KB
-
MD5
42e7b4b831b5da9650eb251234943a60
-
SHA1
11f297aa779a02b1c0a8977b7ef7eef7bbbe2f89
-
SHA256
dc209d9d68ce96de6e6dbaf453e33ee8dec73b654c3c0eb27f03cbcf80d27b03
-
SHA512
395f1752527d26e3afe756dd16abc1f5d5be56b275671acadbd1753e5f1d46495aabc217a54640741fac6b8565638db2d0185284a33c46c12b226dc7124a6a76
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
sysdef.dll
-
Size
128KB
-
MD5
c73b69a05926ba4500d677be162e2d2e
-
SHA1
18da0621d6f6f3df5eaff883d91d6091608fb411
-
SHA256
c7fc84587d69caed369dc5e5826f244b8df9d4bad18a8417e318f7a771974d72
-
SHA512
640c51709e8c2bf008acf40909ad982dc1bb346882021dde60f06050ff65e736e4ea52b0a8bd378fc08d30606bf133ee393855c1e3050291b23f0a1f688f1df9
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
tcpip.exe
-
Size
132KB
-
MD5
1d0dd320d806faba3ef111d7866dcc95
-
SHA1
c2346a33783b38fffc3f3aca0c4eba9b315570f7
-
SHA256
9455b76b37e7a2a7f7ef3ec76f69acd40511b0ddde3af3cf746311a5e2498b15
-
SHA512
da50030b30cce8f0b3dae0ac4cb105d91d1f3b466780d9fe466479441d9945280d9bec2fee52ede6cdeb802be460072fc63dbe645eb0cc1739d35a8e3f923b17
-
Executes dropped EXE
-
Loads dropped DLL
-