2cdc39f39a9369ae4062822ea6726f2e508d5d29514b3cee06f809ce6ef16250

Target

2cdc39f39a9369ae4062822ea6726f2e508d5d29514b3cee06f809ce6ef16250
Size

1.9MB
Sample

240412-r18n7sec6x
MD5

59646583129acf5244d686f15aadb25a
SHA1

5b8b55dc12217eb37bd25ca61cd7aceec729e603
SHA256

2cdc39f39a9369ae4062822ea6726f2e508d5d29514b3cee06f809ce6ef16250
SHA512

99a4c6612de866f966f2b9f84c16ada59d3606db942011d720debe12f4b059a9aec1b7c1046231b15ae728b6a27e616056588680aa3ebcbf0340a4d6eeddb9b2
SSDEEP

49152:Qe6RRRpEHQN/ThQrezxMQnXW8qaJZkRLagEoH6gFt:Q9nLEcrhhmYLwpbE+t

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
futuria.be
Port:
21
Username:
[email protected]

Extracted

Credentials

Protocol: ftp
Host:
marchand-knapen.com
Port:
21
Username:
[email protected]

Extracted

Credentials

Protocol: ftp
Host:
futuria.be
Port:
21
Username:
patrick

Extracted

Credentials

Protocol: ftp
Host:
marchand-knapen.com
Port:
21
Username:
webmaster

Extracted

Credentials

Protocol: ftp
Host:
marchand-knapen.com
Port:
21
Username:
admin

Extracted

Credentials

Protocol: ftp
Host:
marchand-knapen.com
Port:
21
Username:
marchand-knapen

Extracted

Credentials

Protocol: ftp
Host:
manitoba.be
Port:
21
Username:
[email protected]

Extracted

Credentials

Protocol: ftp
Host:
manitoba.be
Port:
21
Username:
marie

Extracted

Credentials

Protocol: ftp
Host:
tangeraas.com
Port:
21
Username:
[email protected]
Password:
tangeraaS1adqa219

Extracted

Credentials

Protocol: ftp
Host:
tangeraas.com
Port:
21
Username:
[email protected]
Password:
tangeraaS1!!aeae123

Targets

- Target
  
  2cdc39f39a9369ae4062822ea6726f2e508d5d29514b3cee06f809ce6ef16250
- Size
  
  1.9MB
- MD5
  
  59646583129acf5244d686f15aadb25a
- SHA1
  
  5b8b55dc12217eb37bd25ca61cd7aceec729e603
- SHA256
  
  2cdc39f39a9369ae4062822ea6726f2e508d5d29514b3cee06f809ce6ef16250
- SHA512
  
  99a4c6612de866f966f2b9f84c16ada59d3606db942011d720debe12f4b059a9aec1b7c1046231b15ae728b6a27e616056588680aa3ebcbf0340a4d6eeddb9b2
- SSDEEP
  
  49152:Qe6RRRpEHQN/ThQrezxMQnXW8qaJZkRLagEoH6gFt:Q9nLEcrhhmYLwpbE+t
Score

10^/10

discovery persistence upx
- Contacts a large (727) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Contacts a large (727) amount of remote hosts

UPX packed file

Adds Run key to start application

Creates a large amount of network flows

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4