General
Target: IMG001.exe
Size: 3.5MB
Sample: 220925-q8x21aehg9
MD5: 87882046d21d2468ee993ea7c3159c4d
SHA1: 525114e7e4bde3c2e9620f598dc21071888b44b6
SHA256: edc049f43e49ebc789a64818b7a1c52e37dd248e735d86606d92162dce599130
SHA512: bce07ca371c0a7aa6d214ff3ff3fb05c45891f56d1834c06a563b1adb0d1c3eee9829ac73b4652677ba916aa147913d135939d0d3a2f7af4aa1469af3389ffc6
SSDEEP: 98304:M8LuVPnq1y5tQOM33ZNqCtBixHl54Oyjes1boo:KVPq1yLanrqTr43eSX
Static task: static1
Behavioral task: behavioral1
  Sample: IMG001.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: IMG001.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
Protocol: ftp - Host: 62.129.233.167 - Port: 21 - Username: anonymous
Extracted
Protocol: ftp - Host: 107.151.181.121 - Port: 21 - Username: admin - Password: foster
Extracted
Protocol: ftp - Host: 112.230.136.19 - Port: 21 - Username: anonymous
Targets
Target: IMG001.exe
Score: 10/10
- Contacts a large (872) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.