Overview

overview

7

Static

static

3

FileZilla_...up.exe

windows11-21h2-x64

4

$R2/NSIS.L...6_.exe

windows11-21h2-x64

1

GPL.html

windows11-21h2-x64

1

filezilla.exe

windows11-21h2-x64

7

fzputtygen.exe

windows11-21h2-x64

1

fzsftp.exe

windows11-21h2-x64

1

fzstorj.exe

windows11-21h2-x64

1

libgcc_s_seh-1.dll

windows11-21h2-x64

1

locales/en...la.eml

windows11-21h2-x64

3

locales/et...la.eml

windows11-21h2-x64

3

locales/fa...lla.mo

windows11-21h2-x64

3

Resubmissions

16-05-2024 15:29

240516-sw7f1sbd29 10

16-05-2024 15:22

240516-srzwdaag4v 7

16-05-2024 15:17

240516-spb2jaah24 7

Analysis

  • max time kernel
    451s
  • max time network
    459s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16-05-2024 15:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FileZilla_3.67.0_win64_sponsored2-setup.exe

  • Size

    12.2MB

  • MD5

    e4acf0e303e9f1371f029e013f902262

  • SHA1

    180f686f2afe1ad0ac6f3498e70af910fcbce620

  • SHA256

    9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202

  • SHA512

    fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc

  • SSDEEP

    393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FileZilla_3.67.0_win64_sponsored2-setup.exe
    "C:\Users\Admin\AppData\Local\Temp\FileZilla_3.67.0_win64_sponsored2-setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:4680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsv6E2D.tmp\System.dll
    Filesize

    12KB

    MD5

    4add245d4ba34b04f213409bfe504c07

    SHA1

    ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    SHA256

    9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    SHA512

    1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsv6E2D.tmp\UAC.dll
    Filesize

    14KB

    MD5

    adb29e6b186daa765dc750128649b63d

    SHA1

    160cbdc4cb0ac2c142d361df138c537aa7e708c9

    SHA256

    2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    SHA512

    b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsv6E2D.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    d458b8251443536e4a334147e0170e95

    SHA1

    ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3

    SHA256

    4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7

    SHA512

    6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1

    Download Submit