cf9aee9be42a9a9b88268906e8751200b84e727e39953ab0e1da4ec590db695e

Resubmissions

12-06-2024 11:55

240612-n3qdvstena 10

12-06-2024 10:03

240612-l3crnathpk 7

Sharing

Copy URL

Twitter E-mail

General

Target

file.exe
Size

4.3MB
Sample

240612-n3qdvstena
MD5

8d253537af839ffffa35002272a69975
SHA1

75def7b867b5d7930416337d32fa7735cd62c9d1
SHA256

cf9aee9be42a9a9b88268906e8751200b84e727e39953ab0e1da4ec590db695e
SHA512

6e6a29739e4a1d2153787cc726e1aea51e37f51ea4b31fbde97cb55105dbc67413aa4e2b079df67332823615f76ffc1b06de0e6a4a09a4b881a89d79c0ce84ca
SSDEEP

24576:tTCsLxyCB/T0DwDCuk1H4ki+kwQpQPm0TVBTBMqpPYx0d41QixgN463thBedtE:tusLx

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.arkfarm.co.jp
Port:
587
Username:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mx.breakthur.com
Port:
587
Username:
[email protected]
Password:
Hyn2mu67

Extracted

Credentials

Protocol: smtp
Host:
smtp.tmtv.ne.jp
Port:
587
Username:
[email protected]
Password:
hogehoge

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.net
Port:
587
Username:
[email protected]
Password:
jh0013

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontiernet.net
Port:
587
Username:
[email protected]
Password:
porkchop

Extracted

Credentials

Protocol: smtp
Host:
mx.abcnetworkingu.pl
Port:
587
Username:
[email protected]
Password:
Db6rqz73ob

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontier.com
Port:
587
Username:
[email protected]
Password:
Bedmak3r!

Extracted

Credentials

Protocol: smtp
Host:
smtp.datacompany.it
Port:
587
Username:
[email protected]
Password:
Curriculum54!

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.com
Port:
587
Username:
[email protected]
Password:
miguel98

Extracted

Credentials

Protocol: smtp
Host:
smtp.charme-jp.com
Port:
587
Username:
[email protected]
Password:
97043b

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.com
Port:
587
Username:
[email protected]
Password:
nascar090

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontier.com
Port:
587
Username:
[email protected]
Password:
monkey07

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontier.com
Port:
587
Username:
[email protected]
Password:
Bigcat19

Extracted

Credentials

Protocol: smtp
Host:
mail.hcn.zaq.ne.jp
Port:
587
Username:
[email protected]
Password:
21214455

Extracted

Credentials

Protocol: smtp
Host:
mx.websitebod.com
Port:
587
Username:
[email protected]
Password:
a4aw19eWoW

Extracted

Credentials

Protocol: smtp
Host:
smtp.nifty.com
Port:
587
Username:
[email protected]
Password:
eiko1007

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.com
Port:
587
Username:
[email protected]
Password:
peanut

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.net
Port:
587
Username:
[email protected]
Password:
sydney

Extracted

Credentials

Protocol: smtp
Host:
mail.dear.ne.jp
Port:
587
Username:
[email protected]
Password:
khyredabest

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.com
Port:
587
Username:
[email protected]
Password:
mariah

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.net
Port:
587
Username:
[email protected]
Password:
KIMBO528

Extracted

Credentials

Protocol: smtp
Host:
mail.eme-weld.it
Port:
587
Username:
[email protected]
Password:
161219756

Extracted

Credentials

Protocol: smtp
Host:
mx.abcnetworkingu.pl
Port:
587
Username:
[email protected]
Password:
Db6rqz73obw

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontier.com
Port:
587
Username:
[email protected]
Password:
Dessi10

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontier.com
Port:
587
Username:
[email protected]
Password:
golfball

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.net
Port:
587
Username:
[email protected]
Password:
swordfish

Extracted

Credentials

Protocol: smtp
Host:
smtp-box-01.iol.pt
Port:
587
Username:
[email protected]
Password:
liliana

Extracted

Credentials

Protocol: smtp
Host:
smtp.epix.net
Port:
587
Username:
[email protected]
Password:
tiamat

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.com
Port:
587
Username:
[email protected]
Password:
123456

Extracted

Credentials

Protocol: smtp
Host:
mx.free-lesbian-pic.in
Port:
587
Username:
[email protected]
Password:
brittany0

Extracted

Credentials

Protocol: smtp
Host:
smtp-box-01.iol.pt
Port:
587
Username:
[email protected]
Password:
ricardo

Extracted

Credentials

Protocol: smtp
Host:
smtp.jcom.home.ne.jp
Port:
587
Username:
[email protected]
Password:
msms3903

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.net
Port:
587
Username:
[email protected]
Password:
futbol

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.com
Port:
587
Username:
[email protected]
Password:
walt44

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.com
Port:
587
Username:
[email protected]
Password:
peluche

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.net
Port:
587
Username:
[email protected]
Password:
louie2112

Targets

- Target
  
  file.exe
- Size
  
  4.3MB
- MD5
  
  8d253537af839ffffa35002272a69975
- SHA1
  
  75def7b867b5d7930416337d32fa7735cd62c9d1
- SHA256
  
  cf9aee9be42a9a9b88268906e8751200b84e727e39953ab0e1da4ec590db695e
- SHA512
  
  6e6a29739e4a1d2153787cc726e1aea51e37f51ea4b31fbde97cb55105dbc67413aa4e2b079df67332823615f76ffc1b06de0e6a4a09a4b881a89d79c0ce84ca
- SSDEEP
  
  24576:tTCsLxyCB/T0DwDCuk1H4ki+kwQpQPm0TVBTBMqpPYx0d41QixgN463thBedtE:tusLx
Score

10^/10

persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4