dd803ed2b9e87858a9dc436a7e6078ff8bf092c75d655b58f80e046373fe5b26 | Triage

Sharing

General

Target

e147d59f35ce57dd627d2f9c6621de20
Size

88KB
Sample

240327-kw2lrsgg98
MD5

e147d59f35ce57dd627d2f9c6621de20
SHA1

a8e1da7d0b91d22efaf7dc78372c22d2acd3fbc1
SHA256

dd803ed2b9e87858a9dc436a7e6078ff8bf092c75d655b58f80e046373fe5b26
SHA512

04c98436e830b7faa692126dc016d62ae9982b6ad585066600a2e258b464a0407e8b01f37d9d7c59f305e3b27f4dd90067cc47dc3e22abcf85a5c42ee3536c8f
SSDEEP

1536:PBYTiUI32apSTczVK5+i0bMLa+5vBGwFZ37DtEg9EQHKO:mmR2adBK5ybvEJGwnrDWQHKO

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost22.com
Port:
21
Username:
b22_7677470
Password:
EMUHHACK

Targets

- Target
  
  e147d59f35ce57dd627d2f9c6621de20
- Size
  
  88KB
- MD5
  
  e147d59f35ce57dd627d2f9c6621de20
- SHA1
  
  a8e1da7d0b91d22efaf7dc78372c22d2acd3fbc1
- SHA256
  
  dd803ed2b9e87858a9dc436a7e6078ff8bf092c75d655b58f80e046373fe5b26
- SHA512
  
  04c98436e830b7faa692126dc016d62ae9982b6ad585066600a2e258b464a0407e8b01f37d9d7c59f305e3b27f4dd90067cc47dc3e22abcf85a5c42ee3536c8f
- SSDEEP
  
  1536:PBYTiUI32apSTczVK5+i0bMLa+5vBGwFZ37DtEg9EQHKO:mmR2adBK5ybvEJGwnrDWQHKO
Score

10^/10

persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2