General

  • Target

    cf1c390eeb26fbff647586a1a05e4fe11957af00a4098258e841e18a1d421f15

  • Size

    662KB

  • Sample

    240517-ahtc5agd37

  • MD5

    d031aae0c4b488067297beb2dc26460f

  • SHA1

    7a2fa90c458468651846532d2876eefc7fe15ea2

  • SHA256

    cf1c390eeb26fbff647586a1a05e4fe11957af00a4098258e841e18a1d421f15

  • SHA512

    4c7538977edf03602b9b4c29acf4e428850a46cfd9bb448dbc39277d75b4536977baa3c0f370ec2065a837af49d049be14a0fd936b06955dcfb352d6ce3ab3d0

  • SSDEEP

    12288:GubsNSOetfARQAPyGUu7zhubsNSOetfARQAPyGUfT+tkrnC/bv8:GubsnafAPyjSzhubsnafAPyjZrnEL8

Malware Config

Extracted

Credentials

Extracted

Family

systembc

C2

cobusabobus.cam:4001

Targets

    • Target

      cf1c390eeb26fbff647586a1a05e4fe11957af00a4098258e841e18a1d421f15

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Contacts a large (782) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Loads dropped DLL
