837f62877205239f1fe4da919c60d141c30812018451ace07767895cbf6437d0 | Triage

Sharing

General

Target

abe36bf39d6167eb9c12fcdcf48ef508
Size

1.2MB
Sample

240228-prtgtabe96
MD5

abe36bf39d6167eb9c12fcdcf48ef508
SHA1

496bd18fa6cd505a9e8f075e9a928ff0a2489c56
SHA256

837f62877205239f1fe4da919c60d141c30812018451ace07767895cbf6437d0
SHA512

45288821df6d8fd15195ddba6733262fa0c2918939ba55aa9b3a382883dcd0da7c30692c6c2cfc58be0305c25f36778a4b93bb113247e8a67b8afd4d7d7992a4
SSDEEP

24576:OAHnh+eWsN3skA4RV1Hom2KXMmHax4mkIykTKgm6G+C7X85:5h+ZkldoPK8YaxN1TP+7S

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
files.000webhost.com
Port:
21
Username:
fdhfdcgfgg

Targets

- Target
  
  abe36bf39d6167eb9c12fcdcf48ef508
- Size
  
  1.2MB
- MD5
  
  abe36bf39d6167eb9c12fcdcf48ef508
- SHA1
  
  496bd18fa6cd505a9e8f075e9a928ff0a2489c56
- SHA256
  
  837f62877205239f1fe4da919c60d141c30812018451ace07767895cbf6437d0
- SHA512
  
  45288821df6d8fd15195ddba6733262fa0c2918939ba55aa9b3a382883dcd0da7c30692c6c2cfc58be0305c25f36778a4b93bb113247e8a67b8afd4d7d7992a4
- SSDEEP
  
  24576:OAHnh+eWsN3skA4RV1Hom2KXMmHax4mkIykTKgm6G+C7X85:5h+ZkldoPK8YaxN1TP+7S
Score

10^/10
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2