General
-
Target
92eb323e0240228429277748079975b5626bed0bf249ec53e7fa78c88ede0c5b.exe
-
Size
1.8MB
-
Sample
240414-mmbebsfh93
-
MD5
f41c9e6ca239395e71bcf027987282dc
-
SHA1
560a973e308f20e0dbe64a38eaeaa22285ced049
-
SHA256
92eb323e0240228429277748079975b5626bed0bf249ec53e7fa78c88ede0c5b
-
SHA512
cbf99c0e43b3a314ee6681f8655a269c0d51e4d40c10ea9c8571be30c5d69c0287c57be5b13e4fa7aecad7095efb4a741f1839dc9089251f41fa96f35011764a
-
SSDEEP
24576:h7OEqlRKCYqoxOMto8enhtiQkbx6zWXXfKfzZn00Eze2aP4sjagjotkEz4RaZMjM:h7B50L7fiQ26zEXfId0vFaQgMh4pj
Static task
static1
Behavioral task
behavioral1
Sample
92eb323e0240228429277748079975b5626bed0bf249ec53e7fa78c88ede0c5b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
92eb323e0240228429277748079975b5626bed0bf249ec53e7fa78c88ede0c5b.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
92eb323e0240228429277748079975b5626bed0bf249ec53e7fa78c88ede0c5b.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral4
Sample
92eb323e0240228429277748079975b5626bed0bf249ec53e7fa78c88ede0c5b.exe
Resource
win11-20240412-en
Malware Config
Extracted
Protocol: ftp- Host:
aisboard.org - Port:
21 - Username:
[email protected] - Password:
201650643040691$
Extracted
Protocol: ftp- Host:
aisboard.org - Port:
21 - Username:
rvps - Password:
201650643040691$
Extracted
Protocol: ftp- Host:
aisboard.org - Port:
21 - Username:
admin - Password:
201650643040691$
Targets
-
-
Target
92eb323e0240228429277748079975b5626bed0bf249ec53e7fa78c88ede0c5b.exe
-
Size
1.8MB
-
MD5
f41c9e6ca239395e71bcf027987282dc
-
SHA1
560a973e308f20e0dbe64a38eaeaa22285ced049
-
SHA256
92eb323e0240228429277748079975b5626bed0bf249ec53e7fa78c88ede0c5b
-
SHA512
cbf99c0e43b3a314ee6681f8655a269c0d51e4d40c10ea9c8571be30c5d69c0287c57be5b13e4fa7aecad7095efb4a741f1839dc9089251f41fa96f35011764a
-
SSDEEP
24576:h7OEqlRKCYqoxOMto8enhtiQkbx6zWXXfKfzZn00Eze2aP4sjagjotkEz4RaZMjM:h7B50L7fiQ26zEXfId0vFaQgMh4pj
Score10/10-
Contacts a large (772) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Suspicious use of SetThreadContext
-