d7e11b178fcc3d1ee7f6ad3dce6da2ea043de64d521cf3578fb09031cbdb0ae2

Sharing

Copy URL

Twitter E-mail

General

Target

$RON9VYX.exe
Size

11.8MB
Sample

240508-s2wayadh78
MD5

d24255fa5f117a2506045143856b6336
SHA1

8ea2bf726044e98479076d0e64327f7ae7a6e5f2
SHA256

d7e11b178fcc3d1ee7f6ad3dce6da2ea043de64d521cf3578fb09031cbdb0ae2
SHA512

3437a7cb6f256fdb74344b257ff44c3e4ee713c5fb4368f54a3ae2816148d0bd2a2aa1cab3572fd044c9ee05774515776774668ad64f41b70d9dc33c26de754f
SSDEEP

196608:GMWY3hQ7Hj+UECN+4zMBuVTHXUUgnvle7bA32xMNEkDCQxYMwZw9BEu8bEVtN:GMWYMHj+StVT3Iv+EGxMNEUCQxRBElsH

Score

7^/10

Malware Config

Targets

- Target
  
  $RON9VYX.exe
- Size
  
  11.8MB
- MD5
  
  d24255fa5f117a2506045143856b6336
- SHA1
  
  8ea2bf726044e98479076d0e64327f7ae7a6e5f2
- SHA256
  
  d7e11b178fcc3d1ee7f6ad3dce6da2ea043de64d521cf3578fb09031cbdb0ae2
- SHA512
  
  3437a7cb6f256fdb74344b257ff44c3e4ee713c5fb4368f54a3ae2816148d0bd2a2aa1cab3572fd044c9ee05774515776774668ad64f41b70d9dc33c26de754f
- SSDEEP
  
  196608:GMWY3hQ7Hj+UECN+4zMBuVTHXUUgnvle7bA32xMNEkDCQxYMwZw9BEu8bEVtN:GMWYMHj+StVT3Iv+EGxMNEUCQxRBElsH
Score

7^/10

discovery persistence spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  a8c86996c4230c2209f5927f21321377
- SHA1
  
  45ce0ab93cb6a3a594e54878cce05df724024393
- SHA256
  
  110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855
- SHA512
  
  69ee73496b916777936b0dddd2cc4a4f916e393f7d0b167cba77a4a239ee1e3f645d9b90dee1627c42a23eb6c3403e4d086546b9f78b3a2e4999c8f92f6a3bc3
- SSDEEP
  
  96:mIt3J2Gl0eVe0+Cfo0UkXt6+o69UiGdPh5/utta/23lkCTcaqHCI:bhE+A0+sF6piUFkAylncviI
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  d458b8251443536e4a334147e0170e95
- SHA1
  
  ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3
- SHA256
  
  4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7
- SHA512
  
  6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  1d8f01a83ddd259bc339902c1d33c8f1
- SHA1
  
  9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
- SHA256
  
  4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
- SHA512
  
  28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
- SSDEEP
  
  96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsis_appid.dll
- Size
  
  3KB
- MD5
  
  19071761e91c43c115a16b52458869b7
- SHA1
  
  75ddb807157f1aa31a08f87be0270f60990bcbbc
- SHA256
  
  e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f
- SHA512
  
  bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c
Score

3^/10
behavioral13 behavioral14
- Target
  
  $R0
- Size
  
  33KB
- MD5
  
  c0280971a69869d7a1f3b35793c839f3
- SHA1
  
  946356173bdd7d575db1d1b3fb04ed81353e098a
- SHA256
  
  c085caea2677b0eeaeecb9afe7e0bad83c2a94fc78d5c3f7819bc7314e54ec69
- SHA512
  
  cdd1530aec393c9c07574e9a32214af8fb5eef85a5be02db68e24e05c5e1d88449f064e280d2bcd21aa6921c7545f30965a6724ce810960001964a3c558370ba
- SSDEEP
  
  768:i2/5ZWpdwrGUxnyiehH/kmjGyhYlaygOENAMxjI:RBZWpvWa5jrYlNixjI
Score

1^/10
behavioral15 behavioral16
- Target
  
  $R2/NSIS.Library.RegTool.v3.$_80_.exe
- Size
  
  5KB
- MD5
  
  48b4f7d95dbff3dfc74fe3d9e41524b8
- SHA1
  
  7bfc27a6eac4796029e841f9d5a61d37de6b34be
- SHA256
  
  fc6f7befdd834ccf59aa660497f197d85776f3d95736337d1b9f4417e1db8d6e
- SHA512
  
  c51d21f3d76d915086324ecaf54f6da7b4fcd2aec9161812fde63e70f6aa1b30709cc6ae5d30abfcfe9141edd6e9e44d49de83a06753cbc5d37ad0d658cc740d
- SSDEEP
  
  96:qBg4ARDDMDQB4dtVfhxr+qOspqME3zpHC5:isDDcQWd/hxaq/sMsC5
Score

1^/10
behavioral17 behavioral18
- Target
  
  GPL.html
- Size
  
  15KB
- MD5
  
  11e176c5e0120ee94e365f999084bce8
- SHA1
  
  a612f6d40d0d2ae045d80b60bce6fb6f81a811ef
- SHA256
  
  f7e89c1edbbef8bc837b47c48113a2416f1af0cfc2b2218da39085465ea1045c
- SHA512
  
  d0532df4fe5e995df49f3e58127f5fc9637fc4f1afbb29e92ad16897c1055f77963277f5143458b9a294d1c24559bc594e0ae5469271ece639c8e66a5555d5a3
- SSDEEP
  
  192:tiMUzQS+LrQWJz6Z6q6pdPIK8kV6AWRzdbDaz0pmN1rMbkBJ9R8/CmBHf3KWkc:tZUz5irJq6jIuV6fRzd3c0pmbMCzRLw7
Score

1^/10
behavioral19 behavioral20
- Target
  
  filezilla.exe
- Size
  
  4.0MB
- MD5
  
  79cef3c9de232d1f58f0e26292376584
- SHA1
  
  2dd2ab98e8fcf5c720bf3618a3a0b84666ca191d
- SHA256
  
  26d717e65101b0ccd5d491c406f76a216381410890508d3d154d5aa073698887
- SHA512
  
  2378c3ea857cbf0ff8b14c7984a0237613533c7f6451bed1ba8e09aeb71ab4c35b7f37f7298259a67467d40925cad4a4e8baf556444215ab84ec9ea4856246c4
- SSDEEP
  
  49152:o7BUd0rZmYl3zoN/SXsS9BsF91aVi5WgLli6RbJjwKwam6+I8qzPqS6RxC5UIcOM:gZE/cBstwjein2Vj8B
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
behavioral21 behavioral22
- Target
  
  fzputtygen.exe
- Size
  
  356KB
- MD5
  
  7e208d8c27326712eeeed291ba350c3c
- SHA1
  
  529cc45b918ff8fc980ea826a430f6a4b947196a
- SHA256
  
  06f3610b7582ab8c906a81c0a9ac8199ca738e89a37e05021625c4ad9f7dd95a
- SHA512
  
  87788c865845ed4fd2a969e3a5b970d43c9a6de783ec38ef8237d8aa515644605dd94146eec738d750157ba96befb16dbfadf933e8cab94788f5c35af17271b4
- SSDEEP
  
  6144:4dSNRhY3pH7OehnYmHxlCuNNZRCuFECqColZTRcMR4N+:uSNRC9dtRxlC8ZRiC8lZNhRC+
Score

1^/10
behavioral23 behavioral24
- Target
  
  fzsftp.exe
- Size
  
  648KB
- MD5
  
  1035e5d9386199763a1f683ec4644bf4
- SHA1
  
  e9b9045c29e645ec3bc157d18f83ab94fa280a49
- SHA256
  
  bd4270c0fb61378b8c8f6720e5bb55921783d9255144d34cd13dd575b5c2b41b
- SHA512
  
  a87012f6340fa7be396bb50af880efa57dc3494aabac698cde7d369a4bc2693986763da3946fa279c39012b661b29970e5d801373d00e88c104bfb6a91868080
- SSDEEP
  
  12288:bTZBJ97RLnrlh6wqGX/DA8RYxQzaQ15uypHmZD747fHJ:bTZz3Lnrlh68DlYxa7HmZD87fHJ
Score

1^/10
behavioral25 behavioral26
- Target
  
  fzstorj.exe
- Size
  
  9.8MB
- MD5
  
  978c159cf2df761b4a353925b50da3f4
- SHA1
  
  b79b0ad32795fe1c7a510a2ddb71e49f2aabc555
- SHA256
  
  39eb51c18ac730861c96ddd4b2a73dbc2b7c70ae8411f9f4f5b841e391222820
- SHA512
  
  cee6d0e9afe9445d48bbf7e39a002708c858949edeb7cca058edf3a4a21b5c5ae1b226422d13ef86afdda49e991ef897175e9b0a574ac9ef2e65b3c209971e0c
- SSDEEP
  
  196608:J474PITB45BLtG9sCkvf2C/2RrHxvZuNw5EstcMqkhYpuFQk2:Y4Per8
Score

1^/10
behavioral27 behavioral28
- Target
  
  libfilezilla-43.dll
- Size
  
  937KB
- MD5
  
  85bd74a17c53eec4cd39fc4fadadc3c6
- SHA1
  
  1f5e48cada5a99b1a0d4364e4091489d4504c606
- SHA256
  
  bdc1ea011a343b36b19411cbab592936432ecec8f0d91ec6f74e10f4f10ddb09
- SHA512
  
  27b4668cad4a30a25f22ac57d35e91609ccf1558a499292ea7637a4829228a9f2a01f918e082a50680a5d4d158e25deb3eca7b1dbc20d1ca6dfeddd418bc14b5
- SSDEEP
  
  12288:0pmXs0Uq6WoUwjfW/BNaYRGKfhEmrsF1q1t7owYaDC09XymDtQeYS8:04fT1GfW/HaYopmY0imDtQeYS8
Score

1^/10
behavioral29 behavioral30
- Target
  
  libfzclient-commonui-private-3-67-0.dll
- Size
  
  611KB
- MD5
  
  bcb38d316fbaea52928113c15d34e4f9
- SHA1
  
  aa9acb9b154e9e9bc9142fd72f395b2c5ec6c645
- SHA256
  
  204f83f6bbdb707ddad08949403512035f30c10dea6f034b2d41c065f0255f3e
- SHA512
  
  d962d466ab4af8d9434d4ed1888331effaf6a1a0dc5d091c01a054c50283c7a739bfb615b762e1e806a9a70f8451d08e5ffdaba3393fabf6f2a6c878fa4e19f0
- SSDEEP
  
  6144:7c1+MmxFlHVyQdpwaWJ8eho2e3zrJ2gLo4MVnmmaPyq8ub0LqDnKw37gn4+tc1Hp:+mxFl1yQpSgJgjVmPPygUoKw37f+tcCE
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Reads data files stored by FTP clients

Reads data files stored by FTP clients

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32