e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba

Resubmissions

17/04/2024, 09:10

240417-k5ehlaaf46 10

17/04/2024, 09:10

17/04/2024, 09:10

17/04/2024, 09:10

17/04/2024, 09:10

16/04/2024, 14:05

Sharing

Copy URL Twitter E-mail

General

Target

e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba
Size

1.9MB
Sample

240416-rebgksde3x
MD5

7fd0e978ae68613a96a07194d82ff058
SHA1

25347be4f94a784cb261229109261aba61853308
SHA256

e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba
SHA512

d8e17eb7737eb4469e19442769c74a4f25d44c75e53c1ff9483b3e76cd93ebb0dc530b3c6e6eed6753186bdff2c1c7af3d170ac69d1a8ca21f949fcdda7daa5e
SSDEEP

24576:8aptmBr8CsPIejX7NsxexfMOSUH2XydxRY18S55ysdCG7QQdhph8BwvyM86:JmBr8JPxDH2XydxRY/5bdN7QQ8BWyX6

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
uploadcloud.pro
Port:
21
Username:
[email protected]
Password:
4002300

Extracted

Credentials

Protocol: ftp
Host:
uploadcloud.pro
Port:
21
Username:
dodoyo
Password:
4002300

Extracted

Credentials

Protocol: ftp
Host:
kimzongyool.com
Port:
21
Username:
[email protected]
Password:
dkxmzla1244!

Extracted

Credentials

Protocol: ftp
Host:
www.kimzongyool.com
Port:
21
Username:
artkim0725
Password:
dkxmzla1244!

Targets

- Target
  
  e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba
- Size
  
  1.9MB
- MD5
  
  7fd0e978ae68613a96a07194d82ff058
- SHA1
  
  25347be4f94a784cb261229109261aba61853308
- SHA256
  
  e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba
- SHA512
  
  d8e17eb7737eb4469e19442769c74a4f25d44c75e53c1ff9483b3e76cd93ebb0dc530b3c6e6eed6753186bdff2c1c7af3d170ac69d1a8ca21f949fcdda7daa5e
- SSDEEP
  
  24576:8aptmBr8CsPIejX7NsxexfMOSUH2XydxRY18S55ysdCG7QQdhph8BwvyM86:JmBr8JPxDH2XydxRY/5bdN7QQ8BWyX6
Score

10^/10

persistence upx discovery
- Contacts a large (796) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

Contacts a large (796) amount of remote hosts

Executes dropped EXE

Loads dropped DLL

UPX packed file

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5