Resubmissions

07-05-2024 08:45

240507-kn5nfsha6t 10

07-05-2024 08:45

240507-kn42xsbg96 10

07-05-2024 08:44

240507-knlkksbg83 10

07-05-2024 08:44

240507-knky2sbg79 10

07-05-2024 08:44

240507-knknaabg78 10

25-04-2024 13:01

240425-p9hg9sah6z 7

General

  • Target

    079d3ed502ea4bddba6eddae4b7b227dce3315db40ca10d26741abe23d81fd04

  • Size

    1.8MB

  • Sample

    240507-kn5nfsha6t

  • MD5

    05e0bbeb4452eb1e90ba6e2c730519df

  • SHA1

    a231b7fc6fd2ac37f29d0c20531dba861fc3afa9

  • SHA256

    079d3ed502ea4bddba6eddae4b7b227dce3315db40ca10d26741abe23d81fd04

  • SHA512

    3ba2dd278cf8e6b91c8b44839e37bb47f64262de2d42341711acfa0e790491690c965cac9d39de9c76105004dfa0dee34f391ff0d01097f8bf262d94300e78f1

  • SSDEEP

    49152:/gceKimpc/OM9yeF/WRG+jFvmpQtySk5kf:/gpKBp6O8yeFIG+jVaH

Malware Config

Extracted

Credentials

Targets

    • Contacts a large (2026) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • T1547 Boot or Logon Autostart Execution 1
  • T1547.001 Registry Run Keys / Startup Folder 1

Privilege Escalation

  • T1547 Boot or Logon Autostart Execution 1
  • T1547.001 Registry Run Keys / Startup Folder 1

Defense Evasion

  • T1112 Modify Registry 1

Discovery

  • T1046 Network Service Discovery 2
  • T1082 System Information Discovery 1

Command and Control

  • T1102 Web Service 1

Tasks