ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81

Resubmissions

07-05-2024 08:48

240507-kqly5abh68 10

07-05-2024 08:48

07-05-2024 08:48

07-05-2024 08:48

07-05-2024 08:48

25-04-2024 13:13

Sharing

Copy URL

Twitter E-mail

General

Target

ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81
Size

1.9MB
Sample

240507-kqly5abh68
MD5

c4ee55c8f75cf73eb54594775e06a94a
SHA1

3604f680c80cd43621ca45dc911e61e14cf24cb6
SHA256

ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81
SHA512

f13b63c25aba363d81f98ed3a14808f64865ba13f1956adffd0f5202a20c2c51a294519e030d079fa5825a88cf6066ad13db4257c00eadfa873a55b2c4acbc18
SSDEEP

49152:d/bZlebN53l9AsH7yGkm0IP9C/+7iNQXf3DLXrvjA:Ubn3zAu7l50SC2+CTT

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
basemarket.ru
Port:
21
Username:
[email protected]

Extracted

Credentials

Protocol: ftp
Host:
54prokat.ru
Port:
21
Username:
[email protected]
Password:
vjnqepr

Extracted

Credentials

Protocol: ftp
Host:
gank4.com
Port:
21
Username:
[email protected]

Extracted

Credentials

Protocol: ftp
Host:
xi-tech.com
Port:
21
Username:
[email protected]
Password:
B2aster234stro2730

Extracted

Credentials

Protocol: ftp
Host:
commerzdirektservice.de
Port:
21
Username:
[email protected]
Password:
E7m

Extracted

Credentials

Protocol: ftp
Host:
www.commerzdirektservice.de
Port:
21
Username:
ayseguel.karslioglu
Password:
E7m

Extracted

Credentials

Protocol: ftp
Host:
maxitrans.de
Port:
21
Username:
[email protected]
Password:
dODUHA

Extracted

Credentials

Protocol: ftp
Host:
users.alriyada.ly
Port:
21
Username:
[email protected]

Extracted

Credentials

Protocol: ftp
Host:
users.alriyada.ly
Port:
21
Username:
mohsh

Extracted

Credentials

Protocol: ftp
Host:
users.alriyada.ly
Port:
21
Username:
admin

Targets

- Target
  
  ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81
- Size
  
  1.9MB
- MD5
  
  c4ee55c8f75cf73eb54594775e06a94a
- SHA1
  
  3604f680c80cd43621ca45dc911e61e14cf24cb6
- SHA256
  
  ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81
- SHA512
  
  f13b63c25aba363d81f98ed3a14808f64865ba13f1956adffd0f5202a20c2c51a294519e030d079fa5825a88cf6066ad13db4257c00eadfa873a55b2c4acbc18
- SSDEEP
  
  49152:d/bZlebN53l9AsH7yGkm0IP9C/+7iNQXf3DLXrvjA:Ubn3zAu7l50SC2+CTT
Score

10^/10

discovery persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

UPX packed file

Adds Run key to start application

Creates a large amount of network flows

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5