079d3ed502ea4bddba6eddae4b7b227dce3315db40ca10d26741abe23d81fd04

Resubmissions

07/05/2024, 08:45

240507-kn5nfsha6t 10

07/05/2024, 08:45

07/05/2024, 08:44

07/05/2024, 08:44

07/05/2024, 08:44

25/04/2024, 13:01

Sharing

Copy URL

Twitter E-mail

General

Target

079d3ed502ea4bddba6eddae4b7b227dce3315db40ca10d26741abe23d81fd04
Size

1.8MB
Sample

240507-kn42xsbg96
MD5

05e0bbeb4452eb1e90ba6e2c730519df
SHA1

a231b7fc6fd2ac37f29d0c20531dba861fc3afa9
SHA256

079d3ed502ea4bddba6eddae4b7b227dce3315db40ca10d26741abe23d81fd04
SHA512

3ba2dd278cf8e6b91c8b44839e37bb47f64262de2d42341711acfa0e790491690c965cac9d39de9c76105004dfa0dee34f391ff0d01097f8bf262d94300e78f1
SSDEEP

49152:/gceKimpc/OM9yeF/WRG+jFvmpQtySk5kf:/gpKBp6O8yeFIG+jVaH

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
halogamingleague.com
Port:
21
Username:
[email protected]
Password:
spartanmdx7

Extracted

Credentials

Protocol: ftp
Host:
studiorighi.net
Port:
21
Username:
[email protected]
Password:
zopanyqo

Targets

- Target
  
  079d3ed502ea4bddba6eddae4b7b227dce3315db40ca10d26741abe23d81fd04
- Size
  
  1.8MB
- MD5
  
  05e0bbeb4452eb1e90ba6e2c730519df
- SHA1
  
  a231b7fc6fd2ac37f29d0c20531dba861fc3afa9
- SHA256
  
  079d3ed502ea4bddba6eddae4b7b227dce3315db40ca10d26741abe23d81fd04
- SHA512
  
  3ba2dd278cf8e6b91c8b44839e37bb47f64262de2d42341711acfa0e790491690c965cac9d39de9c76105004dfa0dee34f391ff0d01097f8bf262d94300e78f1
- SSDEEP
  
  49152:/gceKimpc/OM9yeF/WRG+jFvmpQtySk5kf:/gpKBp6O8yeFIG+jVaH
Score

10^/10

discovery persistence upx motw phishing
- Contacts a large (683) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Contacts a large (683) amount of remote hosts

UPX packed file

Adds Run key to start application

Creates a large amount of network flows

Legitimate hosting services abused for malware hosting/C2

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5