0899f861216a0a19c1d76624980ce1b1053b1ad3984b1a4d6e7eb0e95ace3c37

Resubmissions

17-04-2024 08:52

240417-ksyeyaac95 10

17-04-2024 08:52

17-04-2024 08:52

17-04-2024 08:52

17-04-2024 08:52

16-04-2024 13:49

Sharing

Copy URL

Twitter E-mail

General

Target

0899f861216a0a19c1d76624980ce1b1053b1ad3984b1a4d6e7eb0e95ace3c37
Size

1.9MB
Sample

240417-kswaksac87
MD5

3b1eaf69697336c389c2f4b91c7782f4
SHA1

c7649995e194921ed2ba31e27afbbbeec7fe3fe0
SHA256

0899f861216a0a19c1d76624980ce1b1053b1ad3984b1a4d6e7eb0e95ace3c37
SHA512

a29a22bbb837e4ec24123b58efac03da7cfac7cd106d53c8a729fff8630149ae83f05dc961d864d850cc0dd4bf66a26155d904fd1f3858401d3134f130f1393e
SSDEEP

49152:NA7mBr8JPxDH2XydxRY/5bdN7QQ8BWyX:OU8bDsYihoB

Score

10^/10

persistence upx

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
meinstellplatz.de
Port:
21
Username:
[email protected]
Password:
94HsGs247+

Extracted

Credentials

Protocol: ftp
Host:
meinstellplatz.de
Port:
21
Username:
dieing
Password:
94HsGs247+

Extracted

Credentials

Protocol: ftp
Host:
mystorybrookacademy.com
Port:
21
Username:
[email protected]
Password:
h0EAU8BUC

Extracted

Credentials

Protocol: ftp
Host:
meinstellplatz.de
Port:
21
Username:
admin
Password:
94HsGs247+

Targets

- Target
  
  0899f861216a0a19c1d76624980ce1b1053b1ad3984b1a4d6e7eb0e95ace3c37
- Size
  
  1.9MB
- MD5
  
  3b1eaf69697336c389c2f4b91c7782f4
- SHA1
  
  c7649995e194921ed2ba31e27afbbbeec7fe3fe0
- SHA256
  
  0899f861216a0a19c1d76624980ce1b1053b1ad3984b1a4d6e7eb0e95ace3c37
- SHA512
  
  a29a22bbb837e4ec24123b58efac03da7cfac7cd106d53c8a729fff8630149ae83f05dc961d864d850cc0dd4bf66a26155d904fd1f3858401d3134f130f1393e
- SSDEEP
  
  49152:NA7mBr8JPxDH2XydxRY/5bdN7QQ8BWyX:OU8bDsYihoB
Score

10^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

UPX packed file

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5