9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202 | Triage

Submit
Reports

Overview

overview

Static

static

3

FileZilla_...up.exe

windows11-21h2-x64

Resubmissions

16/05/2024, 15:29

240516-sw7f1sbd29 10

16/05/2024, 15:22

240516-srzwdaag4v 7

16/05/2024, 15:17

240516-spb2jaah24 7

Sharing

Copy URL Twitter E-mail

General

Target

FileZilla_3.67.0_win64_sponsored2-setup.exe
Size

12.2MB
Sample

240516-sw7f1sbd29
MD5

e4acf0e303e9f1371f029e013f902262
SHA1

180f686f2afe1ad0ac6f3498e70af910fcbce620
SHA256

9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202
SHA512

fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc
SSDEEP

393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5

Score

10^/10

bootkit discovery evasion persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

FileZilla_3.67.0_win64_sponsored2-setup.exe

Resource

win11-20240426-en

bootkit discovery evasion persistence spyware stealer trojan

windows11-21h2-x64

29 signatures

600 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
update.filezilla-project.org
Port:
21
Username:
FileZilla
Password:
3.67.0

Targets

- Target
  
  FileZilla_3.67.0_win64_sponsored2-setup.exe
- Size
  
  12.2MB
- MD5
  
  e4acf0e303e9f1371f029e013f902262
- SHA1
  
  180f686f2afe1ad0ac6f3498e70af910fcbce620
- SHA256
  
  9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202
- SHA512
  
  fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc
- SSDEEP
  
  393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5
Score

10^/10

bootkit discovery evasion persistence spyware stealer trojan
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  evasion trojan
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy