General
-
Target
FileZilla_3.62.1_win64-setup.exe
-
Size
11.4MB
-
Sample
230113-tlsqjsac26
-
MD5
6943bb5d7fa5f8893385354002e68b2c
-
SHA1
5ed52e3e97d2114a96f392aaaa37c208747faebf
-
SHA256
95eca7fd49e2c332121332a54b866216f7fdfa6d5c12bb16ecdfc443d87ee79f
-
SHA512
4540af17b9cc5b24570a623dc3522e0812bbeaeff7bd2ba62b1acf66d25c229e34971fe92063e6201e294147f2f1f71f1aabd75698935da2765321006a797a1a
-
SSDEEP
196608:bW8xdEhcbwYCSJm4+zULBlUOvEG9gAbRfvE7DeDzeY8LO0YwZ2ndW7HQ/i+/Mum:bWn6wIJF+zndDYqY8LOxUQ/xUum
Static task
static1
Behavioral task
behavioral1
Sample
FileZilla_3.62.1_win64-setup.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
C:\Users\Admin\Downloads\!Please Read Me!.txt
wannacry
15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Targets
-
-
Target
FileZilla_3.62.1_win64-setup.exe
Score
10/10
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-