ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81

Resubmissions

07/05/2024, 08:48 UTC

240507-kqly5abh68 10

07/05/2024, 08:48 UTC

240507-kqjh1ahb3y 10

07/05/2024, 08:48 UTC

240507-kqh78shb3x 10

07/05/2024, 08:48 UTC

240507-kqhayabh65 10

07/05/2024, 08:48 UTC

240507-kqgz6shb3t 10

25/04/2024, 13:13 UTC

240425-qghg8sbb43 7

Sharing

Copy URL

Twitter E-mail

General

Target

ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81
Size

1.9MB
Sample

240507-kqjh1ahb3y
MD5

c4ee55c8f75cf73eb54594775e06a94a
SHA1

3604f680c80cd43621ca45dc911e61e14cf24cb6
SHA256

ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81
SHA512

f13b63c25aba363d81f98ed3a14808f64865ba13f1956adffd0f5202a20c2c51a294519e030d079fa5825a88cf6066ad13db4257c00eadfa873a55b2c4acbc18
SSDEEP

49152:d/bZlebN53l9AsH7yGkm0IP9C/+7iNQXf3DLXrvjA:Ubn3zAu7l50SC2+CTT

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
mt.fr
Port:
21
Username:
aurea.rodriguez@mt.fr
Password:
imagine1

Extracted

Credentials

Protocol: ftp
Host:
laurentianer.de
Port:
21
Username:
matthias2010@laurentianer.de
Password:
squshclqf

Extracted

Credentials

Protocol: ftp
Host:
basemarket.ru
Port:
21
Username:
zohir@basemarket.ru

Extracted

Credentials

Protocol: ftp
Host:
kryolan.ru
Port:
21
Username:
karina@kryolan.ru
Password:
gmnypvwt

Extracted

Credentials

Protocol: ftp
Host:
basemarket.ru
Port:
21
Username:
zohir

Extracted

Credentials

Protocol: ftp
Host:
zmk-mami.ru
Port:
21
Username:
tsareva.i@zmk-mami.ru
Password:
078ae223

Extracted

Credentials

Protocol: ftp
Host:
diapazon.ru
Port:
21
Username:
el@diapazon.ru
Password:
dscjnf

Extracted

Credentials

Protocol: ftp
Host:
rasa.pro
Port:
21
Username:
info@rasa.pro
Password:
ybeewwt

Extracted

Credentials

Protocol: ftp
Host:
future-tech.ru
Port:
21
Username:
deryabina.m@future-tech.ru
Password:
maria1999

Extracted

Credentials

Protocol: ftp
Host:
roli.ho.ua
Port:
21
Username:
yliana_kostiuk@roli.ho.ua
Password:
yuliana19

Extracted

Credentials

Protocol: ftp
Host:
basemarket.ru
Port:
21
Username:
admin

Extracted

Credentials

Protocol: ftp
Host:
ro.trackitonline.ru
Port:
21
Username:
rotaru@ro.trackitonline.ru
Password:
Iubics2018%

Extracted

Credentials

Protocol: ftp
Host:
trackitonline.ru
Port:
21
Username:
rotaru
Password:
Iubics2018%

Extracted

Credentials

Protocol: ftp
Host:
trackitonline.ru
Port:
21
Username:
ro
Password:
Iubics2018%

Targets

- Target
  
  ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81
- Size
  
  1.9MB
- MD5
  
  c4ee55c8f75cf73eb54594775e06a94a
- SHA1
  
  3604f680c80cd43621ca45dc911e61e14cf24cb6
- SHA256
  
  ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81
- SHA512
  
  f13b63c25aba363d81f98ed3a14808f64865ba13f1956adffd0f5202a20c2c51a294519e030d079fa5825a88cf6066ad13db4257c00eadfa873a55b2c4acbc18
- SSDEEP
  
  49152:d/bZlebN53l9AsH7yGkm0IP9C/+7iNQXf3DLXrvjA:Ubn3zAu7l50SC2+CTT
Score

10^/10

discovery persistence upx
- Contacts a large (688) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Contacts a large (688) amount of remote hosts

UPX packed file

Adds Run key to start application

Creates a large amount of network flows

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

We care about your privacy.