Resubmissions

  • 07-05-2024 12:36  240507-pta39afh8x  10
  • 07-05-2024 12:36  240507-ps89nafh8t  10
  • 07-05-2024 12:36  240507-ps7qtsae72  10
  • 07-05-2024 12:36  240507-ps65asfh7y  10
  • 07-05-2024 12:36  240507-ps4deafh7w  8
  • 25-04-2024 13:15  240425-qg8z7abb48  7

General

  • Target

    f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b

  • Size

    1.8MB

  • Sample

    240507-ps89nafh8t

  • MD5

    74f0926d93b595bb0a97d12fcced1f0e

  • SHA1

    057b3c704de258d5b858afc884495405af2c7426

  • SHA256

    f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b

  • SHA512

    08f4b6a7ce8104180e538c2999115bc6cba33f3a66564db1b8369100bdbb540296207233cd25441c97f5ada1f4711c7ad4f12b18cc843ce0e9f719852444622a

  • SSDEEP

    49152:VFqIJny8yP43p0p3PvdvN71jdII5rYjsAIGi:VFqmnbc45YVN71y1AGi

Malware Config

Extracted

Credentials

Targets

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (887) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence
    Boot or Logon Autostart Execution (T1547) 1
    Registry Run Keys / Startup Folder (T1547.001) 1
  • Privilege Escalation
    Boot or Logon Autostart Execution (T1547) 1
    Registry Run Keys / Startup Folder (T1547.001) 1
  • Defense Evasion
    Modify Registry (T1112) 1
  • Discovery
    Network Service Discovery (T1046) 2
    System Information Discovery (T1082) 1
