bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8

Target

bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
Size

1.9MB
Sample

240412-rq4mhabb49
MD5

bab406ad3b0603a45625755ffbccce49
SHA1

7ce0bd31c68c5b54854098acad195b7a8d804939
SHA256

bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8
SHA512

a85ca2bc5ab42f8d32856a87c665b66df7d8e1c1ebbb143015d06fcc1bddba1faf684e2ee1d2a572f5ed04edf3a061837c293b5c1e3d2214864b90d8a68d25cc
SSDEEP

49152:hgWDef4IXn7EvfNf+x83OeG5ztpAEq2pe2n9SCtQV:hvo49fk83ONztiEqz2nA

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
neuromediasoft.fr
Port:
21
Username:
[email protected]
Password:
austinu#

Targets

- Target
  
  bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
- Size
  
  1.9MB
- MD5
  
  bab406ad3b0603a45625755ffbccce49
- SHA1
  
  7ce0bd31c68c5b54854098acad195b7a8d804939
- SHA256
  
  bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8
- SHA512
  
  a85ca2bc5ab42f8d32856a87c665b66df7d8e1c1ebbb143015d06fcc1bddba1faf684e2ee1d2a572f5ed04edf3a061837c293b5c1e3d2214864b90d8a68d25cc
- SSDEEP
  
  49152:hgWDef4IXn7EvfNf+x83OeG5ztpAEq2pe2n9SCtQV:hvo49fk83ONztiEqz2nA
Score

10^/10

discovery persistence upx
- Contacts a large (1463) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Contacts a large (1463) amount of remote hosts

UPX packed file

Adds Run key to start application

Creates a large amount of network flows

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4