General
Target: 9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40
Size: 1.9MB
Sample: 240425-p8jzpsba43
MD5: 1457ef90efde49a7ee83080ce051d6f7
SHA1: 8ca6d983fe2997fa7009458383b84e0d1edeb279
SHA256: 9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40
SHA512: 582628e02510812e0ed06cc05a1bfb98e96f019935efb71d23dd94745a0c5db12771bf0c81579dd7ad4f44b90e7192b95d5d2ed4a6649adc00b486c28df643d0
SSDEEP: 49152:Vbe6aahW7iaBUHvG+vxz90ChL0WF+UIGDDS/NL:vaaA7iYb+dtQWFZvSR
Static task: static1

Behavioral task: behavioral1
  Sample: 9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40.exe
  Resource: win10-20240404-en

Behavioral task: behavioral2
  Sample: 9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40.exe
  Resource: win7-20240221-en

Behavioral task: behavioral3
  Sample: 9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40.exe
  Resource: win10-20240404-en

Behavioral task: behavioral4
  Sample: 9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40.exe
  Resource: win10v2004-20240412-en

Behavioral task: behavioral5
  Sample: 9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40.exe
  Resource: win11-20240412-en
Malware Config

Extracted
  Protocol: ftp
  Host: mail.shemaletubevideos.com
  Port: 21
  Username: [email protected]
  Password: Mm0532Mm

Extracted
  Protocol: ftp
  Host: mail.mvgroup.org
  Port: 21
  Username: [email protected]
  Password: Maab2002

Extracted
  Protocol: ftp
  Host: mail.mvgroup.org
  Port: 21
  Username: maab2002
  Password: Maab2002

Extracted
  Protocol: ftp
  Host: mail.mvgroup.org
  Port: 21
  Username: admin
  Password: Maab2002

Extracted
  Protocol: ftp
  Host: mail.mvgroup.org
  Port: 21
  Username: forums
Targets

Target: 9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40
Size: 1.9MB
MD5: 1457ef90efde49a7ee83080ce051d6f7
SHA1: 8ca6d983fe2997fa7009458383b84e0d1edeb279
SHA256: 9bb0954a71edfd122a5e2b14850702a453fdbf5a632265337c0aee558bdd3e40
SHA512: 582628e02510812e0ed06cc05a1bfb98e96f019935efb71d23dd94745a0c5db12771bf0c81579dd7ad4f44b90e7192b95d5d2ed4a6649adc00b486c28df643d0
SSDEEP: 49152:Vbe6aahW7iaBUHvG+vxz90ChL0WF+UIGDDS/NL:vaaA7iYb+dtQWFZvSR
Score: 10/10

Signatures:
- Contacts a large (797) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext