Resubmissions (submitted, analysis ID, score)

  • 07-05-2024 12:36   240507-pta39afh8x   score 10
  • 07-05-2024 12:36   240507-ps89nafh8t   score 10
  • 07-05-2024 12:36   240507-ps7qtsae72   score 10
  • 07-05-2024 12:36   240507-ps65asfh7y   score 10
  • 07-05-2024 12:36   240507-ps4deafh7w   score 8
  • 25-04-2024 13:15   240425-qg8z7abb48   score 7

General

  • Target

    f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b

  • Size

    1.8MB

  • Sample

    240507-pta39afh8x

  • MD5

    74f0926d93b595bb0a97d12fcced1f0e

  • SHA1

    057b3c704de258d5b858afc884495405af2c7426

  • SHA256

    f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b

  • SHA512

    08f4b6a7ce8104180e538c2999115bc6cba33f3a66564db1b8369100bdbb540296207233cd25441c97f5ada1f4711c7ad4f12b18cc843ce0e9f719852444622a

  • SSDEEP

    49152:VFqIJny8yP43p0p3PvdvN71jdII5rYjsAIGi:VFqmnbc45YVN71y1AGi

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    elacas.edu.pk
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    adnan1012

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    elacas.edu.pk
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    jjjjja

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    elacas.edu.pk
  • Port:
    21
  • Username:
    21788
  • Password:
    adnan1012

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    elacas.edu.pk
  • Port:
    21
  • Username:
    admin
  • Password:
    adnan1012

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    elacas.edu.pk
  • Port:
    21
  • Username:
    21788
  • Password:
    jjjjja

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    elacas.edu.pk
  • Port:
    21
  • Username:
    elacas
  • Password:
    adnan1012

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    elacas.edu.pk
  • Port:
    21
  • Username:
    admin
  • Password:
    jjjjja

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    elacas.edu.pk
  • Port:
    21
  • Username:
    elacas
  • Password:
    jjjjja

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.elacas.edu.pk
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    adnan1012

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.elacas.edu.pk
  • Port:
    21
  • Username:
    21788
  • Password:
    adnan1012

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.elacas.edu.pk
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    jjjjja

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.elacas.edu.pk
  • Port:
    21
  • Username:
    admin
  • Password:
    adnan1012

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.elacas.edu.pk
  • Port:
    21
  • Username:
    21788
  • Password:
    jjjjja

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.elacas.edu.pk
  • Port:
    21
  • Username:
    elacas
  • Password:
    adnan1012

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.elacas.edu.pk
  • Port:
    21
  • Username:
    admin
  • Password:
    jjjjja

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.elacas.edu.pk
  • Port:
    21
  • Username:
    elacas
  • Password:
    jjjjja

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.cfd.nu.edu.pk
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Ahmad

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.cfd.nu.edu.pk
  • Port:
    21
  • Username:
    f219455
  • Password:
    Ahmad

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.cfd.nu.edu.pk
  • Port:
    21
  • Username:
    admin
  • Password:
    Ahmad

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.cfd.nu.edu.pk
  • Port:
    21
  • Username:
    cfd
  • Password:
    Ahmad

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.cfd.nu.edu.pk
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    sanakijanahmad143

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    zsnr2ns.edu.pl
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Pokemony112

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.zsnr2ns.edu.pl
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Pokemony112

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.hurtowniakarm.pl
  • Port:
    21
  • Username:
    biurobielsko

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.hurtowniakarm.pl
  • Port:
    21
  • Username:
    szymon.bakalarski

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.vipazor.pl
  • Port:
    21
  • Username:
    biuro

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.hurtowniakarm.pl
  • Port:
    21
  • Username:
    admin

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.vipazor.pl
  • Port:
    21
  • Username:
    admin

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.hurtowniakarm.pl
  • Port:
    21
  • Username:
    sferapupila

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.hurtowniakarm.pl
  • Port:
    21
  • Username:
    hurtowniakarm

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.vipazor.pl
  • Port:
    21
  • Username:
    vipazor

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.vipazor.pl
  • Port:
    21
  • Username:
    sylwester.mily

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.hurtowniakarm.pl
  • Port:
    21
  • Username:
    biuro

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.hurtowniakarm.pl
  • Port:
    21
  • Username:
    bielskobiala

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.hurtowniakarm.pl
  • Port:
    21
  • Username:
    sklepbielsko

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.vipazor.pl
  • Port:
    21
  • Username:
    sklep

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.vipazor.pl
  • Port:
    21
  • Username:
    biuro

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.vipazor.pl
  • Port:
    21
  • Username:
    admin

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.vipazor.pl
  • Port:
    21
  • Username:
    vipazor

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.vipazor.pl
  • Port:
    21
  • Username:
    sylwester.mily

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.vipazor.pl
  • Port:
    21
  • Username:
    sklep

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    EUSOULINDO2023

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    emidiopereira7064
  • Password:
    EUSOULINDO2023

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    admin
  • Password:
    EUSOULINDO2023

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    escolasaopedro
  • Password:
    EUSOULINDO2023

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    hpwR.5u!jW!X5bQ

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    emidiopereira7064
  • Password:
    hpwR.5u!jW!X5bQ

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    admin
  • Password:
    hpwR.5u!jW!X5bQ

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    E_4qFiRZ_dckL2r

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    escolasaopedro
  • Password:
    hpwR.5u!jW!X5bQ

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    emidiopereira7064
  • Password:
    E_4qFiRZ_dckL2r

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    admin
  • Password:
    E_4qFiRZ_dckL2r

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escolasaopedro.pt
  • Port:
    21
  • Username:
    escolasaopedro
  • Password:
    E_4qFiRZ_dckL2r

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    EUSOULINDO2023

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    emidiopereira7064
  • Password:
    EUSOULINDO2023

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    admin
  • Password:
    EUSOULINDO2023

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    escolasaopedro
  • Password:
    EUSOULINDO2023

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    hpwR.5u!jW!X5bQ

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    emidiopereira7064
  • Password:
    hpwR.5u!jW!X5bQ

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    admin
  • Password:
    hpwR.5u!jW!X5bQ

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    escolasaopedro
  • Password:
    hpwR.5u!jW!X5bQ

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    E_4qFiRZ_dckL2r

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    emidiopereira7064
  • Password:
    E_4qFiRZ_dckL2r

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    admin
  • Password:
    E_4qFiRZ_dckL2r

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escolasaopedro.pt
  • Port:
    21
  • Username:
    escolasaopedro
  • Password:
    E_4qFiRZ_dckL2r

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.ambiencia.tv
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Convencao

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.ambiencia.tv
  • Port:
    21
  • Username:
    contato
  • Password:
    Convencao

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.ambiencia.tv
  • Port:
    21
  • Username:
    admin
  • Password:
    Convencao

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.ambiencia.tv
  • Port:
    21
  • Username:
    ambiencia
  • Password:
    Convencao

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    am51.me
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Autoswitch66

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    am51.me
  • Port:
    21
  • Username:
    l68
  • Password:
    Autoswitch66

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    am51.me
  • Port:
    21
  • Username:
    admin
  • Password:
    Autoswitch66

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    am51.me
  • Port:
    21
  • Username:
    am51
  • Password:
    Autoswitch66

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    cv01.panaccess.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Merotv_2018

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    cv01.panaccess.com
  • Port:
    21
  • Username:
    dst_byyt_batra
  • Password:
    Merotv_2018

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    cv01.panaccess.com
  • Port:
    21
  • Username:
    admin
  • Password:
    Merotv_2018

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    cv01.panaccess.com
  • Port:
    21
  • Username:
    cv01
  • Password:
    Merotv_2018

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    escritoriolacqua.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    felipe1265

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escritoriolacqua.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    felipe1265

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escritoriolacqua.com
  • Port:
    21
  • Username:
    francisco
  • Password:
    felipe1265

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escritoriolacqua.com
  • Port:
    21
  • Username:
    admin
  • Password:
    felipe1265

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.escritoriolacqua.com
  • Port:
    21
  • Username:
    escritoriolacqua
  • Password:
    felipe1265
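
The credential blocks above all share one text layout, which makes them easy to turn into a rotation worklist for the affected site owners. The script below is an added example, not code from the sandbox or from this page: it parses that text layout (not a sandbox API) on a constructed excerpt in the same format, collapses the ftp./www. spellings of a host into one site, and groups every user name the sample tried against a given (site, password) pair. User names the page shows in the obfuscated [email protected] form are kept verbatim, and blocks without a Password line (several on the page) are kept with the password marked as not shown.

```python
"""Turn 'Extracted / Credentials' blocks from a sandbox report into a rotation
worklist: one row per (site, password) with every user name the sample tried.

Added example for this page; it is not tria.ge code and parses the text layout
shown above, not an API. SAMPLE is a constructed excerpt in that layout.
"""
import re
from collections import defaultdict

# Constructed excerpt copying the page's layout. The last block carries no
# Password line, as several blocks on the page do.
SAMPLE = """\
Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    elacas.edu.pk
  • Port:
    21
  • Username:
    admin
  • Password:
    adnan1012

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.elacas.edu.pk
  • Port:
    21
  • Username:
    elacas
  • Password:
    adnan1012

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    www.hurtowniakarm.pl
  • Port:
    21
  • Username:
    biuro
"""

# "• Field:" on one line, the value indented on the next.
FIELD_RE = re.compile(r"•\s*(Protocol|Host|Port|Username|Password):\s*\n\s*(\S+)")


def parse_credentials(text):
    """Return one dict per non-empty block; empty 'Extracted / Credentials'
    headers (the page has several) carry no Host and are skipped."""
    records = []
    for chunk in re.split(r"\bExtracted\b", text):
        fields = dict(FIELD_RE.findall(chunk))
        if "Host" not in fields:
            continue
        records.append({
            "protocol": fields.get("Protocol", "").lower(),
            "host": fields["Host"].lower(),
            "port": int(fields.get("Port", "0")),
            "username": fields.get("Username"),
            "password": fields.get("Password"),   # None when the page omits it
        })
    return records


def site_key(host):
    """Collapse 'ftp.example' / 'www.example' / 'example' into one site, since
    the report lists the same credential once per host spelling."""
    return re.sub(r"^(?:ftp|www)\.", "", host)


def rotation_items(records):
    """Group by (site, password) -> sorted user names. The same password is
    retried under several user names, so the password, not any single user
    name, is the thing the site owner has to rotate."""
    groups = defaultdict(set)
    for r in records:
        groups[(site_key(r["host"]), r["password"])].add(r["username"])
    return {key: sorted(users) for key, users in groups.items()}


if __name__ == "__main__":
    for (site, password), users in rotation_items(parse_credentials(SAMPLE)).items():
        shown = "<not shown in report>" if password is None else password
        print(f"{site:28} password={shown:22} tried as {', '.join(users)}")
```

Run against the full page, the grouping makes the spraying pattern visible: for each site one password is retried as the mailbox address, its local part, admin and the site label, so every account that might share that password needs rotating, not only the one the sample logged in with.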

Targets

    • Target

      f1e87674c6c572fbe566e2570de0cb8a958491b36eda957886f42ceca1fe577b

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Contacts a large number (564) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
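
The two network signatures above record a single process opening flows to 564 distinct hosts, which is the fan-out shape of a service sweep rather than normal client traffic. The detector below is an added example, not the sandbox's signature code, of how to catch that behaviour in your own flow telemetry: it slides a time window over each process's flows and alerts when the distinct-destination count crosses a threshold, also reporting the dominant port and how many /24s the targets span. The record layout, the 25-host threshold and the 60-second window are assumptions, and FLOWS is constructed data.

```python
"""Fan-out detector for the behaviour behind 'Creates a large number of network
flows' / 'Contacts a large number of remote hosts': one process reaching many
distinct destinations in a short window, usually on a single port.

Added example; the flow-record layout, thresholds and window are assumptions,
not the sandbox's own signature logic. FLOWS is constructed sample data.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flows: (timestamp, pid, image, dst_ip, dst_port). pid 4120 walks
# port 21 across 40 hosts of one /24 in 40 seconds; pid 2200 is ordinary HTTPS.
FLOWS = [
    ("2024-05-07T12:36:%02d" % i, 4120, "sample.exe", "203.0.113.%d" % i, 21)
    for i in range(1, 41)
] + [
    ("2024-05-07T12:36:05", 2200, "chrome.exe", "198.51.100.7", 443),
    ("2024-05-07T12:36:06", 2200, "chrome.exe", "198.51.100.8", 443),
    ("2024-05-07T12:36:07", 2200, "chrome.exe", "198.51.100.7", 443),
]


def fanout_alerts(flows, min_hosts=25, window=timedelta(seconds=60)):
    """Return {pid: summary} for every process that contacts at least
    `min_hosts` distinct destinations within any span of length `window`.

    The window is anchored at each flow in turn, so a burst of scanning is not
    diluted by a long-lived process that is otherwise quiet.
    """
    by_pid = defaultdict(list)
    for ts, pid, image, dst, dport in flows:
        by_pid[pid].append((datetime.fromisoformat(ts), image, dst, dport))

    alerts = {}
    for pid, recs in by_pid.items():
        recs.sort()
        for i, (t0, image, _, _) in enumerate(recs):
            in_win = [r for r in recs[i:] if r[0] - t0 <= window]
            hosts = {r[2] for r in in_win}
            if len(hosts) < min_hosts:
                continue
            port_hits = defaultdict(int)
            for r in in_win:
                port_hits[r[3]] += 1
            subnets = {str(ipaddress.ip_network(h + "/24", strict=False)) for h in hosts}
            alerts[pid] = {
                "image": image,
                "distinct_hosts": len(hosts),
                "flows": len(in_win),
                "top_port": max(port_hits, key=port_hits.get),
                "subnets": len(subnets),        # 1 means a contiguous sweep
                "window_start": t0.isoformat(),
            }
            break   # one alert per process is enough
    return alerts


if __name__ == "__main__":
    for pid, a in fanout_alerts(FLOWS).items():
        print(f"pid {pid} ({a['image']}): {a['distinct_hosts']} hosts, "
              f"{a['flows']} flows, mostly port {a['top_port']}, "
              f"{a['subnets']} subnet(s) from {a['window_start']}")
```

Tune `min_hosts` to the host role: 25 distinct destinations in a minute is unremarkable for a browser or an update agent, but for an unsigned binary in a user profile it is rarely anything other than discovery, and a top port of 21 with a single /24 is the FTP sweep this report shows.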

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
      Boot or Logon Autostart Execution (T1547), 1 signature
        Registry Run Keys / Startup Folder (T1547.001), 1 signature
  • Privilege Escalation
      Boot or Logon Autostart Execution (T1547), 1 signature
        Registry Run Keys / Startup Folder (T1547.001), 1 signature
  • Defense Evasion
      Modify Registry (T1112), 1 signature
  • Discovery
      Network Service Discovery (T1046), 2 signatures
      System Information Discovery (T1082), 1 signature
  • Command and Control
      Web Service (T1102), 1 signature
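
The matrix maps the sample's Run-key write to T1547.001 and the registry modification itself to T1112. The script below is an added example, not the sandbox's detection, of scoring such writes from records shaped like Sysmon Event ID 13 (RegistryEvent, value set): it matches the Run/RunOnce family under HKLM, HKCU or HKU\<SID>, extracts the executable from the value data, and raises severity when that executable or the writing process lives in a user-writable path or when a process registers itself. The EVENTS list is constructed in that shape, not telemetry from this sample, and the scoring rules are assumptions.

```python
"""Run-key persistence check (ATT&CK T1547.001, via T1112 registry writes),
the behaviour the report flags as 'Adds Run key to start application'.

Added example; EVENTS are constructed records in the shape of Sysmon Event ID 13
(RegistryEvent, value set), not telemetry from this sample, and the scoring
rules are assumptions rather than the sandbox's signature.
"""
import re

# Run / RunOnce / RunOnceEx / RunServices under HKLM, HKCU or HKU\<SID>,
# with or without Wow6432Node.
RUN_KEY_RE = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows\\"
    r"CurrentVersion\\(?:Run|RunOnce|RunOnceEx|RunServices)(?:\\|$)",
    re.IGNORECASE,
)
# Locations an unprivileged user can write to; legitimate autostarts are rare there.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)

EVENTS = [
    # constructed: dropped binary registers itself from %TEMP%
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "Details": r"C:\Users\bob\AppData\Local\Temp\sample.exe"},
    # constructed: vendor installer registers a tray helper under Program Files
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe" /background'},
    # constructed: unrelated value write, must be ignored
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LastUsedUsername",
     "Details": "bob"},
    # constructed: key creation (Event ID 12), not a value write
    {"EventID": 12, "Image": r"C:\Users\bob\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run",
     "Details": ""},
]


def exe_from_value(details):
    """Pull the executable path out of a Run value, quoted or bare."""
    m = re.match(r'\s*"?([^"]+?\.exe)"?', details, re.IGNORECASE)
    return m.group(1) if m else ""


def run_key_alerts(events):
    """One alert per Run-key value write; severity 'high' when the target or the
    writer lives in a user-writable path, or the writer registers itself."""
    alerts = []
    for e in events:
        if e["EventID"] != 13 or not RUN_KEY_RE.match(e["TargetObject"]):
            continue
        target_exe = exe_from_value(e["Details"])
        reasons = []
        if USER_WRITABLE_RE.search(target_exe):
            reasons.append("autostart target is in a user-writable directory")
        if USER_WRITABLE_RE.search(e["Image"]):
            reasons.append("writing process runs from a user-writable directory")
        if target_exe and target_exe.lower() == e["Image"].lower():
            reasons.append("process registers itself for autostart")
        alerts.append({
            "value": e["TargetObject"].rsplit("\\", 1)[-1],
            "target_exe": target_exe,
            "writer": e["Image"],
            "severity": "high" if reasons else "low",
            "reasons": reasons,
        })
    return alerts


if __name__ == "__main__":
    for a in run_key_alerts(EVENTS):
        print(f"[{a['severity']}] Run\\{a['value']} -> {a['target_exe']} "
              f"(written by {a['writer']}) {'; '.join(a['reasons'])}")
```

Keeping the low-severity hits rather than dropping them matters for response: a Run value written by an installer under Program Files is noise on its own, but it is the baseline you compare against when a later write names the same value with a different path.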

Tasks