General

  • Target

    7eae7b99297fd2623a858632ed5a56eea7a44a4d129ca2e928a56d8ea4282856

  • Size

    35KB

  • Sample

    220919-g2rf7sbgg3

  • MD5

    feaadbf48f67f480a3123bfa9df003eb

  • SHA1

    2c0e2cde49d71831dcd348ce070a507c5ebfcd9c

  • SHA256

    7eae7b99297fd2623a858632ed5a56eea7a44a4d129ca2e928a56d8ea4282856

  • SHA512

    dd8e9b0b0230ed1a29d55fe1982469a0dbc45fe7605123b61f0fdde08da9cd43f96eef929e9155ae4464121ef2c36cb5f0b714f5ab7b5dc5ec44a15a2c05e459

  • SSDEEP

    768:mU2R6eJbZHGRy3aCGlPQ8jtCAnxDZ0aqUGxsbnudD+UkMxT3qs5:FSxJbgBC6PbjthbqUGxCnWnkMxTX5

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www20.subdomain.com
  • Port:
    21
  • Username:
    user1479359
  • Password:
    PL0i3RS4

Targets

    • Target

      svchost.exe

    • Size

      58KB

    • MD5

      e2f489344ed5556ca506afc552c31c08

    • SHA1

      af6328d7a3568be3cf88254a763d754225da7bd8

    • SHA256

      7abd00697d5cd3d718120d63c3052200d859fe2073e87c5022eeb58b45db3b45

    • SHA512

      d68c86c3015e505e86d7fc288e39e23f9f3d377a72394a744f694738e7eb838ce5b9a2d336dbc0b33b49b28368c1f4205bbfd336c302262765ca87c59a672a3f

    • SSDEEP

      1536:k9wvQUreUbyzsB+2myhzT7hOm3WI9Wbwo9H:UA/yzn2myhzom3WyWbvH

    Score
    10/10
    • Adds Run key to start application

    • Drops file in System32 directory
