Resubmissions

09-04-2024 10:06

240409-l5bmdacc75 7

09-04-2024 10:05

240409-l4pgvacc66 7

09-04-2024 10:05

240409-l4nwbacc65 10

09-04-2024 10:05

240409-l4m9safe9x 10

29-01-2024 04:54

240129-fjkehaaec3 8

General

  • Target

    8a531865aa5785bb7b20574bb347744a5d83cf8719c6809217402b4fa5fbde91

  • Size

    1.9MB

  • Sample

    240409-l4nwbacc65

  • MD5

    d5057eda9b4251e0e52fb2d8524cfa57

  • SHA1

    327f6d72563fdfb1ab206ac9a3b2d4c770d066f5

  • SHA256

    8a531865aa5785bb7b20574bb347744a5d83cf8719c6809217402b4fa5fbde91

  • SHA512

    24d423aa3d71b12af016c5918940d4984f1640f902dc36adc9a29dd9980baa2210ea250111b052dc9fdc5cdfbea8ece8813494f2d2ccecefa60f224a3d731fb2

  • SSDEEP

    24576:OPUnujryKC12iAlGaRctykklEPjJ3QIzs6yBKSolGIUOVPgJAt8EnZapKtpMh6co:9Dr2iAcKcC+N3Bs6ywSz5SSAza88hqx

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    hells-hack.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    12345678910выф

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    hells-hack.com
  • Port:
    21
  • Username:
    mr.crazy
  • Password:
    12345678910выф

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    hells-hack.com
  • Port:
    21
  • Username:
    admin
  • Password:
    12345678910выф

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    hells-hack.com
  • Port:
    21
  • Username:
    hells-hack
  • Password:
    12345678910выф

Targets

    • Target

      8a531865aa5785bb7b20574bb347744a5d83cf8719c6809217402b4fa5fbde91

    • Contacts a large number (1568) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks