Resubmissions

General

  • Target

    lrthijawd.exe

  • Size

    898KB

  • Sample

    240604-sjhl5abb4t

  • MD5

    1b1ecd323162c054864b63ada693cd71

  • SHA1

    333a67545a5d1aad4d73a3501f7152b4529b6b3e

  • SHA256

    902337bbf17ac4e015e03d12e79b60b8dd5a8362496da3291a39e9124c58d9ff

  • SHA512

    f1776b6a457108f10ca940ce02ce98b73404f5cf18fccee4977024cfaf74d7f48666d4da9be1bee27531525e276cb8cfadba39b0c81e0fd8cbe42f7672f45b71

  • SSDEEP

    24576:juDXTIGaPhEYzUzA0amuDXTIGaPhEYzUzA0bnl:KDjlabwz9aDjlabwz9rl

Malware Config

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Contacts a large number (555) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks