9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202

Resubmissions

16/05/2024, 15:29

240516-sw7f1sbd29 10

16/05/2024, 15:22

240516-srzwdaag4v 7

16/05/2024, 15:17

240516-spb2jaah24 7

Sharing

Copy URL Twitter E-mail

General

Target

FileZilla_3.67.0_win64_sponsored2-setup.exe
Size

12.2MB
Sample

240516-srzwdaag4v
MD5

e4acf0e303e9f1371f029e013f902262
SHA1

180f686f2afe1ad0ac6f3498e70af910fcbce620
SHA256

9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202
SHA512

fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc
SSDEEP

393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  FileZilla_3.67.0_win64_sponsored2-setup.exe
- Size
  
  12.2MB
- MD5
  
  e4acf0e303e9f1371f029e013f902262
- SHA1
  
  180f686f2afe1ad0ac6f3498e70af910fcbce620
- SHA256
  
  9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202
- SHA512
  
  fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc
- SSDEEP
  
  393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5
Score

4^/10
behavioral1
- Target
  
  $R2/NSIS.Library.RegTool.v3.$_106_.exe
- Size
  
  5KB
- MD5
  
  48b4f7d95dbff3dfc74fe3d9e41524b8
- SHA1
  
  7bfc27a6eac4796029e841f9d5a61d37de6b34be
- SHA256
  
  fc6f7befdd834ccf59aa660497f197d85776f3d95736337d1b9f4417e1db8d6e
- SHA512
  
  c51d21f3d76d915086324ecaf54f6da7b4fcd2aec9161812fde63e70f6aa1b30709cc6ae5d30abfcfe9141edd6e9e44d49de83a06753cbc5d37ad0d658cc740d
- SSDEEP
  
  96:qBg4ARDDMDQB4dtVfhxr+qOspqME3zpHC5:isDDcQWd/hxaq/sMsC5
Score

1^/10
behavioral2
- Target
  
  GPL.html
- Size
  
  15KB
- MD5
  
  11e176c5e0120ee94e365f999084bce8
- SHA1
  
  a612f6d40d0d2ae045d80b60bce6fb6f81a811ef
- SHA256
  
  f7e89c1edbbef8bc837b47c48113a2416f1af0cfc2b2218da39085465ea1045c
- SHA512
  
  d0532df4fe5e995df49f3e58127f5fc9637fc4f1afbb29e92ad16897c1055f77963277f5143458b9a294d1c24559bc594e0ae5469271ece639c8e66a5555d5a3
- SSDEEP
  
  192:tiMUzQS+LrQWJz6Z6q6pdPIK8kV6AWRzdbDaz0pmN1rMbkBJ9R8/CmBHf3KWkc:tZUz5irJq6jIuV6fRzd3c0pmbMCzRLw7
Score

1^/10
behavioral3
- Target
  
  filezilla.exe
- Size
  
  4.0MB
- MD5
  
  79cef3c9de232d1f58f0e26292376584
- SHA1
  
  2dd2ab98e8fcf5c720bf3618a3a0b84666ca191d
- SHA256
  
  26d717e65101b0ccd5d491c406f76a216381410890508d3d154d5aa073698887
- SHA512
  
  2378c3ea857cbf0ff8b14c7984a0237613533c7f6451bed1ba8e09aeb71ab4c35b7f37f7298259a67467d40925cad4a4e8baf556444215ab84ec9ea4856246c4
- SSDEEP
  
  49152:o7BUd0rZmYl3zoN/SXsS9BsF91aVi5WgLli6RbJjwKwam6+I8qzPqS6RxC5UIcOM:gZE/cBstwjein2Vj8B
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
behavioral4
- Target
  
  fzputtygen.exe
- Size
  
  356KB
- MD5
  
  7e208d8c27326712eeeed291ba350c3c
- SHA1
  
  529cc45b918ff8fc980ea826a430f6a4b947196a
- SHA256
  
  06f3610b7582ab8c906a81c0a9ac8199ca738e89a37e05021625c4ad9f7dd95a
- SHA512
  
  87788c865845ed4fd2a969e3a5b970d43c9a6de783ec38ef8237d8aa515644605dd94146eec738d750157ba96befb16dbfadf933e8cab94788f5c35af17271b4
- SSDEEP
  
  6144:4dSNRhY3pH7OehnYmHxlCuNNZRCuFECqColZTRcMR4N+:uSNRC9dtRxlC8ZRiC8lZNhRC+
Score

1^/10
behavioral5
- Target
  
  fzsftp.exe
- Size
  
  648KB
- MD5
  
  1035e5d9386199763a1f683ec4644bf4
- SHA1
  
  e9b9045c29e645ec3bc157d18f83ab94fa280a49
- SHA256
  
  bd4270c0fb61378b8c8f6720e5bb55921783d9255144d34cd13dd575b5c2b41b
- SHA512
  
  a87012f6340fa7be396bb50af880efa57dc3494aabac698cde7d369a4bc2693986763da3946fa279c39012b661b29970e5d801373d00e88c104bfb6a91868080
- SSDEEP
  
  12288:bTZBJ97RLnrlh6wqGX/DA8RYxQzaQ15uypHmZD747fHJ:bTZz3Lnrlh68DlYxa7HmZD87fHJ
Score

1^/10
behavioral6
- Target
  
  fzstorj.exe
- Size
  
  9.8MB
- MD5
  
  978c159cf2df761b4a353925b50da3f4
- SHA1
  
  b79b0ad32795fe1c7a510a2ddb71e49f2aabc555
- SHA256
  
  39eb51c18ac730861c96ddd4b2a73dbc2b7c70ae8411f9f4f5b841e391222820
- SHA512
  
  cee6d0e9afe9445d48bbf7e39a002708c858949edeb7cca058edf3a4a21b5c5ae1b226422d13ef86afdda49e991ef897175e9b0a574ac9ef2e65b3c209971e0c
- SSDEEP
  
  196608:J474PITB45BLtG9sCkvf2C/2RrHxvZuNw5EstcMqkhYpuFQk2:Y4Per8
Score

1^/10
behavioral7
- Target
  
  libgcc_s_seh-1.dll
- Size
  
  115KB
- MD5
  
  3fed2de912b37afefa8288cf6d287570
- SHA1
  
  3e215b74b3fee54771301dedf7e118af9e67b2ec
- SHA256
  
  7b108e6a2ac50fb4599940058be5c6eed8b74691cdfe4c082aa6d47b341ade67
- SHA512
  
  edf83e3485235a4f7655b8c8f1e15e3382fdd34e1241a84a8d555d16fe339fb55c12cad5b87b0884ff55c4cc6b1920d57c5a74972296740a7beb48efe1471e19
- SSDEEP
  
  1536:aglQqu9+fvPh1sbMuEZ5Ox65AP7FopvcRJ3n0ubJ6AZg2JCZIPkjX0wyLNix3:yLkfvvsbMBZuwyycRh0hA2K8jXpgNG
Score

1^/10
behavioral8
- Target
  
  locales/en/filezilla.mo
- Size
  
  275B
- MD5
  
  807d27e041dd3ed1cd2c872c283a6e52
- SHA1
  
  c94a40db0cbe1efa783a463526c423dea89f500f
- SHA256
  
  dd0b523740c89630994264359e1eccef53c6848928efc7c034f993c1b3e4b22f
- SHA512
  
  21657b5b353a53bbda7370d863cdc0003e21761add65737d3c6de49294b44e28c9c35b61be3c9a06e5e78b5a65f6c11546865d778509863f266092c7b72ea2ca
Score

3^/10
behavioral9
- Target
  
  locales/et/libfilezilla.mo
- Size
  
  897B
- MD5
  
  5efc220d09dd367b9f6f564cccb9e8a4
- SHA1
  
  b7ef72f9bd305088d05a55835c0d34bf66fcc4f0
- SHA256
  
  e3daa21d3381497dc96862cf2d5f20c24634a6901de8420989ad89ba81aefa76
- SHA512
  
  bb7da2ae6c8de7731841b9ff300232d5506ee8df51f7e49cc1d3d19ca12b5b0b4757e2d604d3b2331100d4454fab8031875021300b141cbd7fccb430b77d0c9d
Score

3^/10
behavioral10
- Target
  
  locales/fa_IR/filezilla.mo
- Size
  
  125KB
- MD5
  
  363a037e42bee31166854c0b334ec74d
- SHA1
  
  68f1a0871407e00d8f4b3d1c3317dd1765f47462
- SHA256
  
  a0bdf1a7f4693882b9373ac8d2aaf782a778371925166dc8ec6eb54093f81d5c
- SHA512
  
  cda3bf3c92f9d5b5cae71d37827fb63cbf1a0a66f3d550bb0b55c20246532424487d24ad285b9c4aadeccfe23383a94e83021f679849af4d4ca5c65628eb82a8
- SSDEEP
  
  3072:niJ+l3JmazXdxiaQDZflEJi1QYt3uo1t5S2AE1lgU70Xxo6My/w2rl:niJ+l3HzNxiamfrdu8XgU7iF/w2rl
Score

3^/10
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Reads data files stored by FTP clients

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11