Overview

overview

10

Static

static

3

f1e87674c6...7b.exe

windows7-x64

7

f1e87674c6...7b.exe

windows7-x64

10

f1e87674c6...7b.exe

windows10-1703-x64

7

f1e87674c6...7b.exe

windows10-2004-x64

10

f1e87674c6...7b.exe

windows11-21h2-x64

10

Resubmissions

07-05-2024 12:36

240507-pta39afh8x 10

07-05-2024 12:36

240507-ps89nafh8t 10

07-05-2024 12:36

240507-ps7qtsae72 10

07-05-2024 12:36

240507-ps65asfh7y 10

07-05-2024 12:36

240507-ps4deafh7w 8

25-04-2024 13:15

240425-qg8z7abb48 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b

  • Size

    1.8MB

  • Sample

    240507-ps65asfh7y

  • MD5

    74f0926d93b595bb0a97d12fcced1f0e

  • SHA1

    057b3c704de258d5b858afc884495405af2c7426

  • SHA256

    f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b

  • SHA512

    08f4b6a7ce8104180e538c2999115bc6cba33f3a66564db1b8369100bdbb540296207233cd25441c97f5ada1f4711c7ad4f12b18cc843ce0e9f719852444622a

  • SSDEEP

    49152:VFqIJny8yP43p0p3PvdvN71jdII5rYjsAIGi:VFqmnbc45YVN71y1AGi

Score
10/10
discoverypersistenceupx

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    idist.ru
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    qwe123qwe5158

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    fincaestudio.es
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    H96678537

Extracted

Credentials

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    mail.tophid.ru
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    2qs1ppwm

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    argus-shipping.ru
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    qfflbj4xx

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    mail.tophid.ru
  • Port:
    21
  • Username:
    mail
  • Password:
    2qs1ppwm

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    www.ratezza.ru
  • Port:
    21
  • Username:
    info
  • Password:
    uxtosvp

Extracted

Credentials

Extracted

Credentials

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    areafinanciera.es
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Alejandrez_85

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    areafinanciera.es
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    TG8

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    areafinanciera.es
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Willy&chari2008

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    areafinanciera.es
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    TG8

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    areafinanciera.es
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    TG8

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    areafinanciera.es
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Carolina2010

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    areafinanciera.es
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Andrea200933

Targets

    • Target

      f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b

    • Size

      1.8MB

    • MD5

      74f0926d93b595bb0a97d12fcced1f0e

    • SHA1

      057b3c704de258d5b858afc884495405af2c7426

    • SHA256

      f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b

    • SHA512

      08f4b6a7ce8104180e538c2999115bc6cba33f3a66564db1b8369100bdbb540296207233cd25441c97f5ada1f4711c7ad4f12b18cc843ce0e9f719852444622a

    • SSDEEP

      49152:VFqIJny8yP43p0p3PvdvN71jdII5rYjsAIGi:VFqmnbc45YVN71y1AGi

    Score
    10/10
    persistenceupxdiscovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4behavioral5

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Network Service Discovery

1
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks