General
-
Target
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b
-
Size
1.8MB
-
Sample
240507-ps65asfh7y
-
MD5
74f0926d93b595bb0a97d12fcced1f0e
-
SHA1
057b3c704de258d5b858afc884495405af2c7426
-
SHA256
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b
-
SHA512
08f4b6a7ce8104180e538c2999115bc6cba33f3a66564db1b8369100bdbb540296207233cd25441c97f5ada1f4711c7ad4f12b18cc843ce0e9f719852444622a
-
SSDEEP
49152:VFqIJny8yP43p0p3PvdvN71jdII5rYjsAIGi:VFqmnbc45YVN71y1AGi
Static task
static1
Behavioral task
behavioral1
Sample
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
Resource
win11-20240426-en
Malware Config
Extracted
Protocol: ftp- Host:
idist.ru - Port:
21 - Username:
[email protected] - Password:
qwe123qwe5158
Extracted
Protocol: ftp- Host:
fincaestudio.es - Port:
21 - Username:
[email protected] - Password:
H96678537
Extracted
Protocol: ftp- Host:
ratezza.ru - Port:
21 - Username:
[email protected] - Password:
uxtosvp
Extracted
Protocol: ftp- Host:
mail.tophid.ru - Port:
21 - Username:
[email protected] - Password:
2qs1ppwm
Extracted
Protocol: ftp- Host:
argus-shipping.ru - Port:
21 - Username:
[email protected] - Password:
qfflbj4xx
Extracted
Protocol: ftp- Host:
mail.tophid.ru - Port:
21 - Username:
mail - Password:
2qs1ppwm
Extracted
Protocol: ftp- Host:
www.ratezza.ru - Port:
21 - Username:
info - Password:
uxtosvp
Extracted
Protocol: ftp- Host:
rauduve.ru - Port:
21 - Username:
[email protected] - Password:
boss1967
Extracted
Protocol: ftp- Host:
biz-k.com - Port:
21 - Username:
[email protected] - Password:
xc5azzth
Extracted
Protocol: ftp- Host:
areafinanciera.es - Port:
21 - Username:
[email protected] - Password:
Alejandrez_85
Extracted
Protocol: ftp- Host:
areafinanciera.es - Port:
21 - Username:
[email protected] - Password:
TG8
Extracted
Protocol: ftp- Host:
areafinanciera.es - Port:
21 - Username:
[email protected] - Password:
Willy&chari2008
Extracted
Protocol: ftp- Host:
areafinanciera.es - Port:
21 - Username:
[email protected] - Password:
TG8
Extracted
Protocol: ftp- Host:
areafinanciera.es - Port:
21 - Username:
[email protected] - Password:
TG8
Extracted
Protocol: ftp- Host:
areafinanciera.es - Port:
21 - Username:
[email protected] - Password:
Carolina2010
Extracted
Protocol: ftp- Host:
areafinanciera.es - Port:
21 - Username:
[email protected] - Password:
Andrea200933
Targets
-
-
Target
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b
-
Size
1.8MB
-
MD5
74f0926d93b595bb0a97d12fcced1f0e
-
SHA1
057b3c704de258d5b858afc884495405af2c7426
-
SHA256
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b
-
SHA512
08f4b6a7ce8104180e538c2999115bc6cba33f3a66564db1b8369100bdbb540296207233cd25441c97f5ada1f4711c7ad4f12b18cc843ce0e9f719852444622a
-
SSDEEP
49152:VFqIJny8yP43p0p3PvdvN71jdII5rYjsAIGi:VFqmnbc45YVN71y1AGi
Score10/10-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Suspicious use of SetThreadContext
-