b0db36a38a157ac375a17513df967142b9716ea3d18fcf8b6fe3ea3a3bffa1ad | Triage

Sharing

General

Target

6364c735a7cdfb73a79f1e12b81e0637
Size

23KB
Sample

240117-x2kawsdff4
MD5

6364c735a7cdfb73a79f1e12b81e0637
SHA1

d0378dbe26039d87085128625b93745ee92a3fa6
SHA256

b0db36a38a157ac375a17513df967142b9716ea3d18fcf8b6fe3ea3a3bffa1ad
SHA512

a02a4c26dac1481fb2596c73d3e90537b5c12b7a9ba57bc5db9610f1411d3dd84f5269d3aa2582e4d7d2e5cd2366fb9346f036fa721034865a94d34ba1e55691
SSDEEP

384:AFgFFgNN9kqf0geyQkw/3ZGpRd6hrQC2Nr8PWKBK62VNeLR7iWBX6PaFl488ws3X:A2FgNNCqf0geyQTGpRBCSr01KcLR7t0D

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.xiuzhe.com
Port:
21
Username:
ftpxiu
Password:
ftp123

Targets

- Target
  
  6364c735a7cdfb73a79f1e12b81e0637
- Size
  
  23KB
- MD5
  
  6364c735a7cdfb73a79f1e12b81e0637
- SHA1
  
  d0378dbe26039d87085128625b93745ee92a3fa6
- SHA256
  
  b0db36a38a157ac375a17513df967142b9716ea3d18fcf8b6fe3ea3a3bffa1ad
- SHA512
  
  a02a4c26dac1481fb2596c73d3e90537b5c12b7a9ba57bc5db9610f1411d3dd84f5269d3aa2582e4d7d2e5cd2366fb9346f036fa721034865a94d34ba1e55691
- SSDEEP
  
  384:AFgFFgNN9kqf0geyQkw/3ZGpRd6hrQC2Nr8PWKBK62VNeLR7iWBX6PaFl488ws3X:A2FgNNCqf0geyQTGpRBCSr01KcLR7t0D
Score

10^/10

persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2