Resubmissions

17/04/2024, 12:30 UTC

240417-pprkfage31 7

17/04/2024, 12:30 UTC

240417-ppgp8seh76 10

17/04/2024, 12:30 UTC

240417-ppf4pseh74 10

17/04/2024, 12:29 UTC

240417-pn9pmaeh59 8

17/04/2024, 12:29 UTC

240417-pn834agd9s 8

16/04/2024, 13:40 UTC

240416-qyl7rada4t 8

General

  • Target: 8f142aa5fa506a316c7d3737ce7761ddb66f17227c8206b0d08c7de4724882a1
  • Size: 1.9MB
  • Sample: 240417-ppf4pseh74
  • MD5: 30f046e1459ca02a1c2ac6fc6275092c
  • SHA1: 8670f533c929445eb15d1e9939eaf58f47d39be3
  • SHA256: 8f142aa5fa506a316c7d3737ce7761ddb66f17227c8206b0d08c7de4724882a1
  • SHA512: dffb426dd1e7c67d6e5d31c8237c7138f78343946a0da2fb0785f5a8c6e200a56fd0d11ae4d6205fc39720141c178ecef55085e4ee39e7ff52ec6ac97a14d491
  • SSDEEP: 49152:M6cHoIV5sg2a54Zi7O10no5YSDZnlJYmhPZh:dcL8g2pZOO10no5fDNT5PZh

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: awi-industries.com
  • Port: 21
  • Username: jzhang@awi-industries.com
  • Password: 987654321a

Extracted

Credentials

  • Protocol: ftp
  • Host: madxs.com
  • Port: 21
  • Username: erik@madxs.com
  • Password: Oioioi

Extracted

Credentials

  • Protocol: ftp
  • Host: m-a-d.com
  • Port: 21
  • Username: erik
  • Password: Oioioi

Extracted

Credentials

  • Protocol: ftp
  • Host: m-a-d.com
  • Port: 21
  • Username: admin
  • Password: Oioioi

Extracted

Credentials

  • Protocol: ftp
  • Host: m-a-d.com
  • Port: 21
  • Username: madxs
  • Password: Oioioi

Targets

    • Contacts a large (754) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
