General
-
Target
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b
-
Size
1.8MB
-
Sample
240507-ps7qtsae72
-
MD5
74f0926d93b595bb0a97d12fcced1f0e
-
SHA1
057b3c704de258d5b858afc884495405af2c7426
-
SHA256
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b
-
SHA512
08f4b6a7ce8104180e538c2999115bc6cba33f3a66564db1b8369100bdbb540296207233cd25441c97f5ada1f4711c7ad4f12b18cc843ce0e9f719852444622a
-
SSDEEP
49152:VFqIJny8yP43p0p3PvdvN71jdII5rYjsAIGi:VFqmnbc45YVN71y1AGi
Static task
static1
Behavioral task
behavioral1
Sample
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral2
Sample
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
Resource
win7-20240215-en
Behavioral task
behavioral3
Sample
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b.exe
Resource
win11-20240419-en
Malware Config
Extracted
Protocol: ftp- Host:
remontcity.ru - Port:
21 - Username:
[email protected] - Password:
hsb5doi
Extracted
Protocol: ftp- Host:
rugen.ru - Port:
21 - Username:
[email protected] - Password:
zgtrf7mx
Extracted
Protocol: ftp- Host:
mschool5.in.ua - Port:
21 - Username:
[email protected] - Password:
29255707
Extracted
Protocol: ftp- Host:
leandrodaddario.it - Port:
21 - Username:
[email protected] - Password:
L71ndr9898
Extracted
Protocol: ftp- Host:
merdan.de - Port:
21 - Username:
[email protected] - Password:
0R!sP9st8
Extracted
Protocol: ftp- Host:
merdan.de - Port:
21 - Username:
admin - Password:
0R!sP9st8
Targets
-
-
Target
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b
-
Size
1.8MB
-
MD5
74f0926d93b595bb0a97d12fcced1f0e
-
SHA1
057b3c704de258d5b858afc884495405af2c7426
-
SHA256
f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b
-
SHA512
08f4b6a7ce8104180e538c2999115bc6cba33f3a66564db1b8369100bdbb540296207233cd25441c97f5ada1f4711c7ad4f12b18cc843ce0e9f719852444622a
-
SSDEEP
49152:VFqIJny8yP43p0p3PvdvN71jdII5rYjsAIGi:VFqmnbc45YVN71y1AGi
Score10/10-
Contacts a large (857) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-