e5887ed3474a612ad285d64e9fad693922cf2e7216fd82e6ed5f2964f37a9503 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e5887ed3474a612ad285d64e9fad693922cf2e7216fd82e6ed5f2964f37a9503
Size

124KB
Sample

230817-yq5m5ach78
MD5

2c50e4dee3dddcf88864fa42bdeb2fb5
SHA1

e4464e7d4bb6095258db80fa8a967d18b321925a
SHA256

e5887ed3474a612ad285d64e9fad693922cf2e7216fd82e6ed5f2964f37a9503
SHA512

68327813c877e2912fd0a674b9461b9085666a62ddb96ad763b3cc8358d8566ed132c12486828a462acf76411ee4dac9353401fe599e388a58b8491f0daead88
SSDEEP

3072:KsL6X0Sf5uKeuC2RLCoD7ckgbPxCpg0kjgDVQIgubkdIgyE:76k05uTctDrNDVnguYegx

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
38.55.184.87
Port:
21
Username:
1
Password:
1

Targets

- Target
  
  e5887ed3474a612ad285d64e9fad693922cf2e7216fd82e6ed5f2964f37a9503
- Size
  
  124KB
- MD5
  
  2c50e4dee3dddcf88864fa42bdeb2fb5
- SHA1
  
  e4464e7d4bb6095258db80fa8a967d18b321925a
- SHA256
  
  e5887ed3474a612ad285d64e9fad693922cf2e7216fd82e6ed5f2964f37a9503
- SHA512
  
  68327813c877e2912fd0a674b9461b9085666a62ddb96ad763b3cc8358d8566ed132c12486828a462acf76411ee4dac9353401fe599e388a58b8491f0daead88
- SSDEEP
  
  3072:KsL6X0Sf5uKeuC2RLCoD7ckgbPxCpg0kjgDVQIgubkdIgyE:76k05uTctDrNDVnguYegx
Score

10^/10
- Downloads MZ/PE file
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2