General
-
Target
9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d
-
Size
1.9MB
-
Sample
240409-qbet6aff89
-
MD5
57c833bfd5042e34bec23dfd711cd151
-
SHA1
6bcd1915173d57d369e209943be31eebebdd535a
-
SHA256
9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d
-
SHA512
3c14531cd81ac2276cac72da573cb5f452c53b96175acca025a8e30251c487fcd382a8bc25a5241e6700832dbb760313bf9e51ffa0fcd480d5ddc6662cbc02e1
-
SSDEEP
49152:JpOMJqAtfj8YFWZUQUqxbhS+oWOKl9BoKzLPGz+fATq:BJqaj8S8zUqx0xW1KKzLP8w
Static task
static1
Behavioral task
behavioral1
Sample
9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d.exe
Resource
win11-20240221-en
Malware Config
Extracted
Protocol: ftp
Host: mobalpa.fr
Port: 21
Username: [email protected]
Password: tco99mtp
Extracted
Protocol: ftp
Host: mobalpa.fr
Port: 21
Username: 87270
Password: tco99mtp
Targets
Target
9d3c881c29156b8fd82ced7c7726c4c65d4e741533c9f886112f440698b1469d
-
Score
10/10
-
Contacts a large (873) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-