74c129597fc856e6d055e249064fa8ea9e0f9307c21aeeee77c966195c173d96 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

FileZilla_...up.exe

windows10-1703-x64

8

Sharing

General

Target

FileZilla_3.63.2.1_win64_sponsored2-setup.exe
Size

12.0MB
Sample

230331-wbfpcacb67
MD5

7857a3a1994b4062611a2a93a2b7c46e
SHA1

1b03bdba406dcddb4d2c1f9e0068a8127a96f453
SHA256

74c129597fc856e6d055e249064fa8ea9e0f9307c21aeeee77c966195c173d96
SHA512

cd3c8d00ecef46cca0562e2507746ef05ba8d431d3cd4834888655d5b16fa85226201ff8ee4960f92e7bd6973a96d2383ef99431050f0c2b94abc7281545e639
SSDEEP

196608:mOddqzD9UmoiMAywFI1t6KoO7+GUAK1jUjMPRqU5nwa+3tu+XQQS1DyyOC1+kP9Y:mOnqzZUmxnK6VGUAK1jxiRumjSwQE

Score

8^/10

discovery persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

FileZilla_3.63.2.1_win64_sponsored2-setup.exe

Resource

win10-20230220-en

discovery persistence spyware stealer upx

windows10-1703-x64

15 signatures

1800 seconds

Malware Config

Targets

- Target
  
  FileZilla_3.63.2.1_win64_sponsored2-setup.exe
- Size
  
  12.0MB
- MD5
  
  7857a3a1994b4062611a2a93a2b7c46e
- SHA1
  
  1b03bdba406dcddb4d2c1f9e0068a8127a96f453
- SHA256
  
  74c129597fc856e6d055e249064fa8ea9e0f9307c21aeeee77c966195c173d96
- SHA512
  
  cd3c8d00ecef46cca0562e2507746ef05ba8d431d3cd4834888655d5b16fa85226201ff8ee4960f92e7bd6973a96d2383ef99431050f0c2b94abc7281545e639
- SSDEEP
  
  196608:mOddqzD9UmoiMAywFI1t6KoO7+GUAK1jUjMPRqU5nwa+3tu+XQQS1DyyOC1+kP9Y:mOnqzZUmxnK6VGUAK1jxiRumjSwQE
Score

8^/10

discovery persistence spyware stealer upx
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

© 2018-2024

Terms | Privacy