534b0503426f82746a3b5b8588e8c98312230c2e41979190638416d86a67009c

Sharing

Copy URL

Twitter E-mail

General

Target

534b0503426f82746a3b5b8588e8c98312230c2e41979190638416d86a67009c.exe
Size

1.9MB
Sample

240521-rtdv9ahc3v
MD5

72929dc9cd7ff04c903459f70d0756a6
SHA1

ecc70471eec1491257d0b954e92484a666b15a81
SHA256

534b0503426f82746a3b5b8588e8c98312230c2e41979190638416d86a67009c
SHA512

1bfb064e45d906fd6fa7c75f3a32cb4a27cb32f3dd3564334d6573d5430e465d6929a1330905f42c81bb538976cccc7c9e10ed60e36b1884e12c797720983d47
SSDEEP

49152:QGJTeLOqwizFY/f1QRv41eaTNGC0Y8ZxMjI6IeLH3q:T1wOqwMY/Kv41VfBJj

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
weclearn.net
Port:
21
Username:
[email protected]
Password:
Divanni1WEC

Extracted

Credentials

Protocol: ftp
Host:
relocationjobs.co.il
Port:
21
Username:
[email protected]
Password:
maui1170

Extracted

Credentials

Protocol: ftp
Host:
weclearn.net
Port:
21
Username:
divanni.ntaganira
Password:
Divanni1WEC

Extracted

Credentials

Protocol: ftp
Host:
relocationjobs.co.il
Port:
21
Username:
inbal
Password:
maui1170

Extracted

Credentials

Protocol: ftp
Host:
relocationjobs.co.il
Port:
21
Username:
admin
Password:
maui1170

Extracted

Credentials

Protocol: ftp
Host:
relocationjobs.co.il
Port:
21
Username:
relocationjobs
Password:
maui1170

Extracted

Credentials

Protocol: ftp
Host:
weclearn.net
Port:
21
Username:
weclearn
Password:
Divanni1WEC

Extracted

Credentials

Protocol: ftp
Host:
ftp.pcbordeaux.fr
Port:
21
Username:
[email protected]
Password:
Jerk01!

Extracted

Credentials

Protocol: ftp
Host:
ftp.abramsgang.com
Port:
21
Username:
[email protected]
Password:
OEWNLS

Extracted

Credentials

Protocol: ftp
Host:
ftp.shopbluepeppermint.com
Port:
21
Username:
[email protected]
Password:
54i27r

Extracted

Credentials

Protocol: ftp
Host:
lpi-incendie.fr
Port:
21
Username:
[email protected]
Password:
dream76

Extracted

Credentials

Protocol: ftp
Host:
www.lpi-incendie.fr
Port:
21
Username:
ableuet
Password:
dream76

Extracted

Credentials

Protocol: ftp
Host:
tsuru.fr
Port:
21
Username:
[email protected]
Password:
Nippon50

Extracted

Credentials

Protocol: ftp
Host:
www.lpi-incendie.fr
Port:
21
Username:
admin
Password:
dream76

Extracted

Credentials

Protocol: ftp
Host:
manoirdelateterouge.com
Port:
21
Username:
[email protected]

Extracted

Credentials

Protocol: ftp
Host:
www.lpi-incendie.fr
Port:
21
Username:
lpi-incendie
Password:
dream76

Extracted

Credentials

Protocol: ftp
Host:
simul-retraite.fr
Port:
21
Username:
[email protected]
Password:
M@ximis75!

Targets

- Target
  
  534b0503426f82746a3b5b8588e8c98312230c2e41979190638416d86a67009c.exe
- Size
  
  1.9MB
- MD5
  
  72929dc9cd7ff04c903459f70d0756a6
- SHA1
  
  ecc70471eec1491257d0b954e92484a666b15a81
- SHA256
  
  534b0503426f82746a3b5b8588e8c98312230c2e41979190638416d86a67009c
- SHA512
  
  1bfb064e45d906fd6fa7c75f3a32cb4a27cb32f3dd3564334d6573d5430e465d6929a1330905f42c81bb538976cccc7c9e10ed60e36b1884e12c797720983d47
- SSDEEP
  
  49152:QGJTeLOqwizFY/f1QRv41eaTNGC0Y8ZxMjI6IeLH3q:T1wOqwMY/Kv41VfBJj
Score

10^/10

discovery persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

UPX packed file

Adds Run key to start application

Creates a large amount of network flows

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2