723066334431437f6368ffa748ac0831ce2f30fd035924ea36d8c3f14f133231

Sharing

Copy URL

Twitter E-mail

General

Target

AScan3.exe
Size

18KB
Sample

230612-wd38esdg4v
MD5

1897a77b28fcff9d1a0ae9245eb21e08
SHA1

42b72123d99c3d251094f13a1c8812ffe41cac11
SHA256

723066334431437f6368ffa748ac0831ce2f30fd035924ea36d8c3f14f133231
SHA512

9932cc0449ad159ee1763bbff43c999cece49c3622b86ceeae1a9440ca7e09f81e111b8406c16fbdb53773aea60f2f2f6fe40850e86c80d9b97c9ababc155ccc
SSDEEP

384:GEJraZKPfdpG2U20NJwqUX9F2Rbsb9qBCjKW57qWUeC+Q46YX:ZK2dpJUdJTUgbsb4qx7qWcf45

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
postmaster

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
postmaster123

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
postmaster1

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
Postmaster

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
Postmaster123

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
Postmaster1

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
POSTMASTER

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
POSTMASTER123

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
POSTMASTER1

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
pass123

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
password

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
P@ssw0rd

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
123456

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
654321

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
12345678

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
123456789

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
qwerty

Extracted

Credentials

Protocol: smtp
Host:
secure.richweb.com
Port:
587
Username:
postmaster
Password:
asdfgh

Extracted

Credentials

Protocol: smtp
Host:
mail.richweb.com
Port:
587
Username:
postmaster
Password:
postmaster

Extracted

Credentials

Protocol: smtp
Host:
mail.richweb.com
Port:
587
Username:
postmaster
Password:
postmaster123

Extracted

Credentials

Protocol: smtp
Host:
mail.richweb.com
Port:
587
Username:
postmaster
Password:
postmaster1

Extracted

Credentials

Protocol: smtp
Host:
mail.richweb.com
Port:
587
Username:
postmaster
Password:
Postmaster

Extracted

Credentials

Protocol: smtp
Host:
mail.richweb.com
Port:
587
Username:
postmaster
Password:
Postmaster123

Extracted

Credentials

Protocol: smtp
Host:
mail.richweb.com
Port:
587
Username:
postmaster
Password:
Postmaster1

Extracted

Credentials

Protocol: smtp
Host:
mail.richweb.com
Port:
587
Username:
postmaster
Password:
POSTMASTER

Extracted

Credentials

Protocol: smtp
Host:
mail.richweb.com
Port:
587
Username:
postmaster
Password:
POSTMASTER123

Extracted

Credentials

Protocol: smtp
Host:
mail.richweb.com
Port:
587
Username:
postmaster
Password:
POSTMASTER1

Extracted

Credentials

Protocol: smtp
Host:
mail.richweb.com
Port:
587
Username:
postmaster
Password:
pass123

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
postmaster

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
postmaster123

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
postmaster1

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
Postmaster

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
Postmaster123

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
Postmaster1

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
POSTMASTER

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
POSTMASTER123

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
POSTMASTER1

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
pass123

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
password

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
P@ssw0rd

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
123456

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
654321

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
12345678

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
123456789

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
qwerty

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
asdfgh

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
abc123

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
abc123456

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
1q2w3e

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
1q2w3e4r

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
123qwe

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
qwertyuiop

Extracted

Credentials

Protocol: smtp
Host:
mail.kfzscheuer.de
Port:
587
Username:
postmaster
Password:
qwerty123

Extracted

Credentials

Protocol: smtp
Host:
ec2-54-94-109-79.sa-east-1.compute.amazonaws.com
Port:
587
Username:
postmaster
Password:
postmaster

Extracted

Credentials

Protocol: smtp
Host:
ec2-54-94-109-79.sa-east-1.compute.amazonaws.com
Port:
587
Username:
postmaster
Password:
postmaster123

Extracted

Credentials

Protocol: smtp
Host:
ec2-54-94-109-79.sa-east-1.compute.amazonaws.com
Port:
587
Username:
postmaster
Password:
postmaster1

Targets

- Target
  
  AScan3.exe
- Size
  
  18KB
- MD5
  
  1897a77b28fcff9d1a0ae9245eb21e08
- SHA1
  
  42b72123d99c3d251094f13a1c8812ffe41cac11
- SHA256
  
  723066334431437f6368ffa748ac0831ce2f30fd035924ea36d8c3f14f133231
- SHA512
  
  9932cc0449ad159ee1763bbff43c999cece49c3622b86ceeae1a9440ca7e09f81e111b8406c16fbdb53773aea60f2f2f6fe40850e86c80d9b97c9ababc155ccc
- SSDEEP
  
  384:GEJraZKPfdpG2U20NJwqUX9F2Rbsb9qBCjKW57qWUeC+Q46YX:ZK2dpJUdJTUgbsb4qx7qWcf45
Score

10^/10

discovery
- Contacts a large (28900) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (3551) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Contacts a large (28900) amount of remote hosts

Contacts a large (3551) amount of remote hosts

Creates a large amount of network flows

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2