ef3c2dfbe13aeef9d04bf6faebec26b97d614e52f24c63955bf7d36543253e07 | Triage

Submit
Reports

Overview

overview

Static

static

1

FileZilla_...up.exe

windows7-x64

7

FileZilla_...up.exe

windows10-2004-x64

Sharing

General

Target

FileZilla_3.62.2_win64-setup.exe
Size

11.4MB
Sample

230403-yzm5faaf91
MD5

579bb096d23e81d7acea4f09ae1a5f20
SHA1

70d466914d392a0a2c06d8ed62882ec5a71f54bd
SHA256

ef3c2dfbe13aeef9d04bf6faebec26b97d614e52f24c63955bf7d36543253e07
SHA512

9596496e8200bb8d314503ddad973304a48461b8dcb052912d5d068d3877172ee1d57f53556b3807cd6df4c875babf1393f9a2b2bd1c8e6a9d9b37ba971ee656
SSDEEP

196608:jWc8gUVaVHNOSYJ6pbitQaE+mUqbsP47XyRBVKhure3XIY1XssQgooVoo/7kU7Mh:jWcyaVwSq6pbQ3EgPUCzVwuKFXsERooi

Score

10^/10

bootkit discovery evasion persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

FileZilla_3.62.2_win64-setup.exe

Resource

win7-20230220-en

bootkit discovery persistence

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

FileZilla_3.62.2_win64-setup.exe

Resource

win10v2004-20230221-en

evasion persistence ransomware trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  FileZilla_3.62.2_win64-setup.exe
- Size
  
  11.4MB
- MD5
  
  579bb096d23e81d7acea4f09ae1a5f20
- SHA1
  
  70d466914d392a0a2c06d8ed62882ec5a71f54bd
- SHA256
  
  ef3c2dfbe13aeef9d04bf6faebec26b97d614e52f24c63955bf7d36543253e07
- SHA512
  
  9596496e8200bb8d314503ddad973304a48461b8dcb052912d5d068d3877172ee1d57f53556b3807cd6df4c875babf1393f9a2b2bd1c8e6a9d9b37ba971ee656
- SSDEEP
  
  196608:jWc8gUVaVHNOSYJ6pbitQaE+mUqbsP47XyRBVKhure3XIY1XssQgooVoo/7kU7Mh:jWcyaVwSq6pbQ3EgPUCzVwuKFXsERooi
Score

10^/10

bootkit discovery persistence evasion ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Defacement

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

evasionpersistenceransomwaretrojan

© 2018-2024

Terms | Privacy