b5dc1c1a5d7112d19f225d14b0ba7e704994d619e6b2767be341cbeca885d933

Sharing

Copy URL

Twitter E-mail

General

Target

FileZilla_3.66.5_win64-setup.exe
Size

11.8MB
Sample

240222-29spfsgc2z
MD5

540fefce358b49cfb2cb9bd79fd41466
SHA1

4afe78500f48a615945d49f7f66d8f0d06b973fd
SHA256

b5dc1c1a5d7112d19f225d14b0ba7e704994d619e6b2767be341cbeca885d933
SHA512

959f0c48831b53407787d4dab2efa4ce43101b5dc6b6ad08379e6dd4ab3e272598f11867a3e08d89f06fed3e29212b088a94b99be7d20acbdc1cccc449bd2214
SSDEEP

196608:BM/6Kzx2kWsnteSykEa6E5VsBW5k6usPly9sJKloJ1/DIZvX6Pa3Em6oakmMthbj:BM/6eQkfwSNgVyFglobDyYm6/kmQHv

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  FileZilla_3.66.5_win64-setup.exe
- Size
  
  11.8MB
- MD5
  
  540fefce358b49cfb2cb9bd79fd41466
- SHA1
  
  4afe78500f48a615945d49f7f66d8f0d06b973fd
- SHA256
  
  b5dc1c1a5d7112d19f225d14b0ba7e704994d619e6b2767be341cbeca885d933
- SHA512
  
  959f0c48831b53407787d4dab2efa4ce43101b5dc6b6ad08379e6dd4ab3e272598f11867a3e08d89f06fed3e29212b088a94b99be7d20acbdc1cccc449bd2214
- SSDEEP
  
  196608:BM/6Kzx2kWsnteSykEa6E5VsBW5k6usPly9sJKloJ1/DIZvX6Pa3Em6oakmMthbj:BM/6eQkfwSNgVyFglobDyYm6/kmQHv
Score

4^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  a8c86996c4230c2209f5927f21321377
- SHA1
  
  45ce0ab93cb6a3a594e54878cce05df724024393
- SHA256
  
  110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855
- SHA512
  
  69ee73496b916777936b0dddd2cc4a4f916e393f7d0b167cba77a4a239ee1e3f645d9b90dee1627c42a23eb6c3403e4d086546b9f78b3a2e4999c8f92f6a3bc3
- SSDEEP
  
  96:mIt3J2Gl0eVe0+Cfo0UkXt6+o69UiGdPh5/utta/23lkCTcaqHCI:bhE+A0+sF6piUFkAylncviI
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  d458b8251443536e4a334147e0170e95
- SHA1
  
  ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3
- SHA256
  
  4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7
- SHA512
  
  6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  1d8f01a83ddd259bc339902c1d33c8f1
- SHA1
  
  9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
- SHA256
  
  4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
- SHA512
  
  28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
- SSDEEP
  
  96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsis_appid.dll
- Size
  
  3KB
- MD5
  
  19071761e91c43c115a16b52458869b7
- SHA1
  
  75ddb807157f1aa31a08f87be0270f60990bcbbc
- SHA256
  
  e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f
- SHA512
  
  bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c
Score

3^/10
behavioral13 behavioral14
- Target
  
  $R0
- Size
  
  33KB
- MD5
  
  d02454e5e342d3f825b57137aa92a345
- SHA1
  
  6dbbf9164a54963198affcbf4c5928fdd29afd99
- SHA256
  
  b425a8e076dfccf9245d724d3a228500bf128aea9fb24795ee3c6020d2e9df6a
- SHA512
  
  625ab607ce7c5e56a29ce9a8eef9dae0d92fc8ac947bb074ea8ad14bb40a6bb79d72c53f4c99a13e6dcd8054fdb95f0b93abcc246442bcccdf82168938e6d63a
- SSDEEP
  
  768:82/5ZWpdwrGUxnyiehH/kZjGyxUUyg8GENAMx49:zBZWpvWaGj7UjNXxM
Score

1^/10
behavioral15 behavioral16
- Target
  
  $R2/NSIS.Library.RegTool.v3.$_80_.exe
- Size
  
  5KB
- MD5
  
  48b4f7d95dbff3dfc74fe3d9e41524b8
- SHA1
  
  7bfc27a6eac4796029e841f9d5a61d37de6b34be
- SHA256
  
  fc6f7befdd834ccf59aa660497f197d85776f3d95736337d1b9f4417e1db8d6e
- SHA512
  
  c51d21f3d76d915086324ecaf54f6da7b4fcd2aec9161812fde63e70f6aa1b30709cc6ae5d30abfcfe9141edd6e9e44d49de83a06753cbc5d37ad0d658cc740d
- SSDEEP
  
  96:qBg4ARDDMDQB4dtVfhxr+qOspqME3zpHC5:isDDcQWd/hxaq/sMsC5
Score

1^/10
behavioral17 behavioral18
- Target
  
  GPL.html
- Size
  
  15KB
- MD5
  
  11e176c5e0120ee94e365f999084bce8
- SHA1
  
  a612f6d40d0d2ae045d80b60bce6fb6f81a811ef
- SHA256
  
  f7e89c1edbbef8bc837b47c48113a2416f1af0cfc2b2218da39085465ea1045c
- SHA512
  
  d0532df4fe5e995df49f3e58127f5fc9637fc4f1afbb29e92ad16897c1055f77963277f5143458b9a294d1c24559bc594e0ae5469271ece639c8e66a5555d5a3
- SSDEEP
  
  192:tiMUzQS+LrQWJz6Z6q6pdPIK8kV6AWRzdbDaz0pmN1rMbkBJ9R8/CmBHf3KWkc:tZUz5irJq6jIuV6fRzd3c0pmbMCzRLw7
Score

1^/10
behavioral19 behavioral20
- Target
  
  filezilla.exe
- Size
  
  4.0MB
- MD5
  
  4851a345bfe906884e0aa95eaefd2a99
- SHA1
  
  3ee4d00880c523a8de9aa2919c45ca36e45a5788
- SHA256
  
  f23586077288f615dbc1bacf7b1ebbe4ae266d2e0e1e2b4bc2961762102719f7
- SHA512
  
  437443490c76ae0dfcd3654e43fd86bd037e261ab4e1457a4eab8dfd0dd80173dfb11536ca2af6fa4d75fb0413793b97158f347778b7d79e2796416ec2bf1499
- SSDEEP
  
  49152:pukt9OFd6BI2qQkt1B5LP8/QJBt9wyuaG7QI7UhQ0es5DIWhyR8VtS6JSIF+bcLY:oqQ2qdzRLS6JSC5U
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
behavioral21 behavioral22
- Target
  
  fzputtygen.exe
- Size
  
  355KB
- MD5
  
  f202d64a47456e50acba6dffef26c65c
- SHA1
  
  edad917fb2e07fbdcc77ddd46b85cf268546bf0c
- SHA256
  
  e71cf3010e46db0922f0c25251885d1317f2e695e3f7e4fecc035f0d3d987fe5
- SHA512
  
  3eccc1aa9bdedff9c066409c0dccb4479af50afb3a9e0739b187ff5f930d17b92821f45bb31902c25146a1f301faf40fd7f0e02e512cf3449ee89c4a9a7cf57b
- SSDEEP
  
  6144:Ltc5log92nfS9SNNRhyw6Hnsu69H8BoRZWszcMd4NN:pc5exn68fRhyw6HcH1RZxhd4b
Score

1^/10
behavioral23 behavioral24
- Target
  
  fzsftp.exe
- Size
  
  647KB
- MD5
  
  f0814b8ed97027f251cf76403e1a12ce
- SHA1
  
  4db14cc3f41c9ef5f72aa975626a037b03dbfe9c
- SHA256
  
  311488e3c21f1b3573bbe049f94d82135bb049a97128c26f2edded9ec6892adf
- SHA512
  
  ea48e848748258182c1a8787697eadf8725906463ac78fdd7b2f9d111b7df1446ee54b7ac817e8b634cb8bd5022f98b5860aad11b407a7fd65fe22775ef56c83
- SSDEEP
  
  12288:v0i9L2KhouhU7MhrxuJwfe4qKDVQn/d4aBrVA6ZwCOUQZbBz7G6lN:v0QL2KzhU7Mhr4mrqZ14apgUQZbBz7GA
Score

1^/10
behavioral25 behavioral26
- Target
  
  fzstorj.exe
- Size
  
  9.8MB
- MD5
  
  04edcdcdbae273e19e04ad0ab1116834
- SHA1
  
  7ccf4f4652fd71a35ecffdcf8f45d1942dead43d
- SHA256
  
  35cc8b5548b8b5de0f1a55afc515214df9dd109cc5133df686445d82b3ea31db
- SHA512
  
  4a0a2bc84193f42f579fd58040bb4a598d6bffb5bb1ec61c2705fc080eae605938bd2aa0f5281ad5cb3deb46c69313c5bd06b0757cdc5cf4fa9f42fa99e8734d
- SSDEEP
  
  196608:E474PITB45BLtG9sCkvf2C/2RrHxvZuNw5EstcMqkhYpuFQkce:R4PerWe
Score

1^/10
behavioral27 behavioral28
- Target
  
  libfilezilla-42.dll
- Size
  
  891KB
- MD5
  
  34a1e09147a3b5be04bdd3d549edd11b
- SHA1
  
  f47cdbfa3719cc7897c472c8ba0a3591c63bb110
- SHA256
  
  5a48633810356d16d96004f343df8b5ae361f2a170de9bf92cb94578e034533c
- SHA512
  
  7800c94907aeec900175e8d37f5bf7f373c0c59f80c8982b843ffdae2c2cb6549aea2c271296a3bedafa08cf03fe1753659acb3244c57b48b959e24ef242a5a7
- SSDEEP
  
  12288:yZ7Zr8KF3ksG0sn8d7cNV9MNCemcx1+C1PS0ZDu4POjjjSDtQjC4n/:y9ZrBvSn8VvNCeEz0Z3Pq/SDtQjC4/
Score

1^/10
behavioral29 behavioral30
- Target
  
  libfzclient-commonui-private-3-66-5.dll
- Size
  
  611KB
- MD5
  
  5e0dc1ec221d3a564be50e9e416bf43d
- SHA1
  
  2b808c44c80b9ae6b9e4bf8cb27df0b8191577af
- SHA256
  
  44b1d3616ad095d7d9ca23b3cc77e76c372ce65e5f568fe619990d34ccaaaead
- SHA512
  
  34edc6cc998cd2f92278e5bfaceb73690fe3f01323ea136f2ecc8b157e8fc1dd252073682f8f225a8eabd6ae08c2314e8d454d183359fdef7cdae55ec78299bb
- SSDEEP
  
  6144:rc1+MmxFlHVvQdpwaWJ8eho2e3zrJ2gLo4MVnmmaPyq8ub0LqDnK737xnE+/zMAe:umxFl1vQpSgJgjVmPPygUoK737++/z0x
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Reads data files stored by FTP clients

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32