Resubmissions

Each entry: submission time, sample ID, score.

  • 17/04/2024, 09:10  240417-k5ehlaaf46  10
  • 17/04/2024, 09:10  240417-k5dw3acb9s  10
  • 17/04/2024, 09:10  240417-k5dlasaf45  10
  • 17/04/2024, 09:10  240417-k5czrsaf44  10
  • 17/04/2024, 09:10  240417-k5cc8scb8z  10
  • 16/04/2024, 14:05  240416-rebgksde3x  10

General

  • Target: e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba
  • Size: 1.9MB
  • Sample: 240417-k5cc8scb8z
  • MD5: 7fd0e978ae68613a96a07194d82ff058
  • SHA1: 25347be4f94a784cb261229109261aba61853308
  • SHA256: e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba
  • SHA512: d8e17eb7737eb4469e19442769c74a4f25d44c75e53c1ff9483b3e76cd93ebb0dc530b3c6e6eed6753186bdff2c1c7af3d170ac69d1a8ca21f949fcdda7daa5e
  • SSDEEP: 24576:8aptmBr8CsPIejX7NsxexfMOSUH2XydxRY18S55ysdCG7QQdhph8BwvyM86:JmBr8JPxDH2XydxRY/5bdN7QQ8BWyX6

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: markazi.co
  • Port: 21
  • Username: [email protected]
  • Password: alish1383

Targets

    • Target: e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba
    • Size: 1.9MB
    • MD5: 7fd0e978ae68613a96a07194d82ff058
    • SHA1: 25347be4f94a784cb261229109261aba61853308
    • SHA256: e6df60c235ce89a2d376b3708f8565e0c045020d08e0883ab726bebcd09086ba
    • SHA512: d8e17eb7737eb4469e19442769c74a4f25d44c75e53c1ff9483b3e76cd93ebb0dc530b3c6e6eed6753186bdff2c1c7af3d170ac69d1a8ca21f949fcdda7daa5e
    • SSDEEP: 24576:8aptmBr8CsPIejX7NsxexfMOSUH2XydxRY18S55ysdCG7QQdhph8BwvyM86:JmBr8JPxDH2XydxRY/5bdN7QQ8BWyX6

    Score
    10/10

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the configured DNS servers was detected.

    • Adds Run key to start application (registry-based persistence)

    • Suspicious use of SetThreadContext (a common step in process hollowing and thread-hijacking injection)
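The "UPX packed file" rule above keys on cues that can be read straight from the PE section table. The following is an added example, not code from the sandbox report or from the sample: it parses the section headers of a PE image and checks two indicators, the UPX section names (UPX0/UPX1/UPX2/.UPX) and the UPX layout, an empty first section that the stub unpacks into followed by a high-entropy section holding the compressed image. The layout check is what still fires on a "modified UPX" build that renames its sections. The PE images it analyses are constructed in memory so it runs offline; the 7.0 bits/byte entropy threshold is an assumption.

```python
"""UPX packing indicators read from a PE section table (added example)."""
import math
import random
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX"}
HIGH_ENTROPY_BITS = 7.0  # assumed threshold; compressed data sits close to 8 bits/byte


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section headers."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)      # SizeOfOptionalHeader
    first = coff + 20 + opt_size                               # section table start
    out = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, first + 40 * i)
        out.append({"name": name.rstrip(b"\0"), "virtual_size": vsize, "raw_size": rsize,
                    "entropy": shannon_entropy(pe[rptr:rptr + rsize])})
    return out


def upx_indicators(pe: bytes) -> dict:
    secs = parse_sections(pe)
    names = [s["name"] for s in secs]
    by_name = any(n in UPX_SECTION_NAMES for n in names)
    # Layout survives renaming: section 0 has virtual size but no raw data
    # (the unpack target), section 1 is dense compressed data.
    by_layout = (len(secs) >= 2 and secs[0]["raw_size"] == 0
                 and secs[0]["virtual_size"] > 0
                 and secs[1]["entropy"] >= HIGH_ENTROPY_BITS)
    return {"sections": names, "upx_names": by_name,
            "upx_layout": by_layout, "packed": by_name or by_layout}


def build_pe(sections) -> bytes:
    """Constructed minimal PE32 image for the demo: (name, virtual_size, raw_bytes) per section."""
    opt_size, e_lfanew = 224, 0x40
    dos = bytearray(b"MZ".ljust(e_lfanew, b"\0"))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_base = (hdr_end + 0x1FF) & ~0x1FF  # file-align raw data to 512 bytes
    headers, blobs, vaddr = bytearray(), bytearray(), 0x1000
    for name, vsize, raw in sections:
        rptr = raw_base + len(blobs) if raw else 0
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                               len(raw), rptr, 0, 0, 0, 0, 0x60000020)
        blobs += raw
        vaddr += max(vsize, 0x1000)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + bytes(headers)
    return image.ljust(raw_base, b"\0") + bytes(blobs)


_rng = random.Random(1)  # deterministic stand-in for compressed data (constructed)
PACKED = build_pe([(b"UPX0", 0x8000, b""), (b"UPX1", 0x2000, _rng.randbytes(0x1000)),
                   (b".rsrc", 0x200, bytes(0x200))])
RENAMED = build_pe([(b".text", 0x8000, b""), (b".data", 0x2000, _rng.randbytes(0x1000))])
PLAIN = build_pe([(b".text", 0x1000, b"\x90" * 0x800), (b".data", 0x200, bytes(0x200))])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("renamed", RENAMED), ("plain", PLAIN)):
        print(label, upx_indicators(image))
```

Section names alone are weak evidence in both directions: they are trivially renamed, and a few legitimate installers ship UPX-packed. The layout and entropy cue is the one that carries over to a modified stub, and a real triage step after this check is to try `upx -d` and, if that fails, treat the file as a custom packer rather than as UPX.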

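The "Unexpected DNS network traffic destination" rule rests on a simple sandbox invariant: every legitimate lookup goes to the resolver the analysis VM was configured with, so any port-53 traffic to another host is either a hard-coded resolver (which bypasses sandbox DNS and any DNS-based sinkholing) or something that is not DNS at all using a DNS port. The following is an added example, not code from the sandbox report, showing that detection logic over flow records. The flow lines, the resolver address 10.127.0.1 and the TEST-NET-3 destination are constructed for the demo and are not taken from the report's network capture.

```python
"""Detection logic behind "Unexpected DNS network traffic destination" (added example)."""
import ipaddress
from dataclasses import dataclass

DNS_PORT = 53
CONFIGURED_RESOLVERS = {ipaddress.ip_address("10.127.0.1")}  # assumed sandbox VM resolver
# Well-known public resolvers. A port-53 hit here means "bypasses sandbox DNS";
# a port-53 destination that is neither configured nor public is more suspicious.
WELL_KNOWN_PUBLIC = {ipaddress.ip_address(a) for a in
                     ("8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9")}


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse 'udp 10.127.0.25:55123 -> 10.127.0.1:53' (constructed log format)."""
    proto, src, arrow, dst = line.split()
    if arrow != "->":
        raise ValueError(f"bad flow line: {line!r}")
    s_host, s_port = src.rsplit(":", 1)
    d_host, d_port = dst.rsplit(":", 1)
    return Flow(proto.lower(), s_host, int(s_port), d_host, int(d_port))


def unexpected_dns(flows, resolvers=CONFIGURED_RESOLVERS):
    """Return (flow, reason) for every port-53 flow not aimed at a configured resolver."""
    hits = []
    for f in flows:
        if f.dport != DNS_PORT:
            continue
        dst = ipaddress.ip_address(f.dst)
        if dst in resolvers:
            continue
        if dst in WELL_KNOWN_PUBLIC:
            reason = "hard-coded public resolver bypasses sandbox DNS"
        else:
            reason = "port 53 to a host that is not a resolver (possible tunnelling or C2)"
        hits.append((f, reason))
    return hits


# Constructed sample flows (TEST-NET-3 addresses; not from the report's capture).
SAMPLE_FLOWS = """\
udp 10.127.0.25:55123 -> 10.127.0.1:53
udp 10.127.0.25:55124 -> 8.8.8.8:53
tcp 10.127.0.25:49200 -> 203.0.113.7:53
tcp 10.127.0.25:49201 -> 203.0.113.7:21
udp 10.127.0.25:55125 -> 10.127.0.1:53
"""


def analyse(text: str = SAMPLE_FLOWS):
    flows = [parse_flow(l) for l in text.splitlines() if l.strip()]
    return unexpected_dns(flows)


if __name__ == "__main__":
    for flow, reason in analyse():
        print(f"{flow.proto} {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}: {reason}")
```

Two caveats when reading a hit from this rule. It sees only the destination and port, not the payload, so it cannot say whether the traffic was DNS; confirm with the packet capture. And it is only as good as the resolver set: if the VM's resolver changed (for example via DHCP) after the set was recorded, every ordinary lookup becomes a false positive. The port-21 flow in the sample data is deliberately not matched; that traffic is what the extracted FTP credentials above would be correlated against, not this rule.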
MITRE ATT&CK Enterprise v15

Tasks