General

  • Target

    FileZilla_3.67.0_win64_sponsored2-setup.exe

  • Size

    12.2MB

  • Sample

    240612-r383rayenc

  • MD5

    e4acf0e303e9f1371f029e013f902262

  • SHA1

    180f686f2afe1ad0ac6f3498e70af910fcbce620

  • SHA256

    9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202

  • SHA512

    fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc

  • SSDEEP

    393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5
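The digest set above is what identifies this sample. The script below is an added example, not part of the report or of the sandbox's tooling: it streams a local file through MD5, SHA-1, SHA-256 and SHA-512 in one pass and compares the results with the values listed here, so a suspect installer can be matched offline without uploading it. SSDEEP is omitted because it needs a non-standard library; the file path in the usage call is a placeholder.

```python
import hashlib
from pathlib import Path

# Digests of FileZilla_3.67.0_win64_sponsored2-setup.exe, copied from the report.
REPORT_IOCS = {
    "md5": "e4acf0e303e9f1371f029e013f902262",
    "sha1": "180f686f2afe1ad0ac6f3498e70af910fcbce620",
    "sha256": "9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202",
    "sha512": (
        "fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33"
        "adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc"
    ),
}

CHUNK = 1024 * 1024  # 1 MiB reads; the installer is ~12 MB, no need to load it whole


def digest_stream(chunks):
    """Feed an iterable of byte chunks through all four digests at once.

    Returns lowercase hex digests keyed like REPORT_IOCS.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path):
    """Hash a file on disk without reading it into memory in one go."""
    def chunks():
        with open(path, "rb") as f:
            while block := f.read(CHUNK):
                yield block
    return digest_stream(chunks())


def compare_digests(computed, expected):
    """Per-algorithm verdict; hex comparison is case-insensitive."""
    return {
        name: computed.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def verdict(results):
    """'match' if every listed digest agrees, 'mismatch' if none does, and
    'inconsistent' if they disagree with each other (usually a mangled IOC list)."""
    values = set(results.values())
    if values == {True}:
        return "match"
    if values == {False}:
        return "mismatch"
    return "inconsistent"


if __name__ == "__main__":
    import sys
    # Placeholder path; pass the real file as the first argument.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path("FileZilla_3.67.0_win64_sponsored2-setup.exe")
    if target.is_file():
        results = compare_digests(digest_file(target), REPORT_IOCS)
        for name, ok in results.items():
            print(f"{name:>6}: {'match' if ok else 'MISMATCH'}")
        print("verdict:", verdict(results))
    else:
        print(f"{target} not found")
```

The "inconsistent" verdict matters in practice: a copied IOC list where one hash was truncated or taken from a different build will produce a partial match, and that should be treated as a data problem rather than as a partial positive.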

Targets

    • Target

      FileZilla_3.67.0_win64_sponsored2-setup.exe

    • Size

      12.2MB

    • MD5

      e4acf0e303e9f1371f029e013f902262

    • SHA1

      180f686f2afe1ad0ac6f3498e70af910fcbce620

    • SHA256

      9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202

    • SHA512

      fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc

    • SSDEEP

      393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla. Since the analyzed sample is itself a FileZilla installer, touching FileZilla's own configuration is also consistent with legitimate setup behaviour, so this signature is not conclusive on its own.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

      A Registry Run key launches the referenced executable at every logon (T1547.001).

    • Checks for any installed AV software in registry

    • Checks whether UAC is enabled

      The UAC state is exposed by the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Downloads MZ/PE file

      A Windows executable was fetched over the network during execution.

    • Modifies Installed Components in the registry

      Active Setup entries under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components run once per user at logon, a less common persistence location than the Run keys.

    • Sets file execution options in registry

      Image File Execution Options (IFEO) entries can attach a debugger to, or redirect, a named executable whenever it starts.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo), likely a geofence.

    • Target

      $PLUGINSDIR/modern-wizard.bmp

    • Size

      25KB

    • MD5

      cbe40fd2b1ec96daedc65da172d90022

    • SHA1

      366c216220aa4329dff6c485fd0e9b0f4f0a7944

    • SHA256

      3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

    • SHA512

      62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

    • SSDEEP

      24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      AUTHORS

    • Size

      3KB

    • MD5

      6c0f745df851f8c4d10e1789bfd19ff4

    • SHA1

      d01763320378fe2af3a81d0166eafca3c0d0e713

    • SHA256

      45f98d3dd4a9c7cf58d302e00ebb69a411c120fc4160e04304780db03dfc2265

    • SHA512

      6448fae1693db2d596859f9d14a5e4fc4c8e96d2081dcdd8d0c4f7b84655b8f2ce432d8482f073840f6ddeaa501423755b79f3e9c28a9453f8aeb9103ed0180a

    • Score

      1/10

    • Target

      NEWS

    • Size

      118KB

    • MD5

      19c328041291022688d81ce7af5ec055

    • SHA1

      e4d41365b45967bbf1c512ca628817fa3dd10040

    • SHA256

      aa62a9f3e4937dd885e6da2e7e787dfba72333520e4c50d6c93ab4517bb59317

    • SHA512

      9404daac5ce34e4b7a8227a43e7e115e4b6b664529587b22576699fdbb93ff154722b4a60e87706c6a7c9cf774444b0ecc57e6a1e2acdf3deb2403518284fda2

    • SSDEEP

      1536:L7XfvUwBWWjVQLFGoTZ9XHQTbyGaU5A+tKvdTLGYKlTVu:vfvH8LTZ2T0sdmIRu

    • Score

      1/10

    • Target

      docs/fzdefaults.xml.example

    • Size

      2KB

    • MD5

      bc0afacd8028e222472bb32474db8148

    • SHA1

      826f5ec70527440c72e0be67cd4744d95f45f288

    • SHA256

      0d2e249a171a07a0b412c9f3eca041e772d530991d6333f9c96600c8c0935027

    • SHA512

      d65ac28f18ae9886f05f19feb209b6b26199c9353928f304ed705efa9e0632b66442fde52e6fcabdc81a9b3b42bb3a751df5e08929acea14ecbfb43294214664

    • Score

      1/10

    • Target

      locales/an/filezilla.mo

    • Size

      129KB

    • MD5

      71f6b8b0df7ce00fcde21e41fd4fa6f1

    • SHA1

      babef269e01697f6728e50d32c10a7bc9d8b474a

    • SHA256

      54e3019ca035ba48c32b9a876ad55ad87c18798b8493909aff38e97d2ebb0c0d

    • SHA512

      dd796a919739c5bbee66a6b1cf0330a4e09b2c14a966b18d353116d7ceabf56bf0d9815de3ad7bb286ed3966e7ea6d2d34cb8e22e864b929c93b17bd2c2b767b

    • SSDEEP

      3072:rflp/Hc8wmLSCdt4nITa1X0BTMXBwAh1GM:rNpvVJSkt4nITa1E8BwAh1GM

    • Score

      3/10

    • Target

      locales/an/libfilezilla.mo

    • Size

      1KB

    • MD5

      37fe0fbd12807bda24ee11e13b23224a

    • SHA1

      cdefdb79f57dc02c244c507c90839042179f43c4

    • SHA256

      b263beb33273a7c974642333fedf8aa5fecf78f202af091f68986fd4e25cb063

    • SHA512

      9eb47734e428fe9827cce76cda5b2c3d13dac2936d587d1cb90e865b8a2f0444a2395648c1a17b98ec5a8ec5ceea8ae1f7000cb46f3196b91aac1e365c5ca2a4

    • Score

      3/10

    • Target

      locales/ar/filezilla.mo

    • Size

      204KB

    • MD5

      b75815a48262c55f52a2ed85416e0700

    • SHA1

      d3936c372ffe21e67498d8b3f182ff00ca51c668

    • SHA256

      28366ad7afcb7fce7ee3343c0a7c8a32d5775534a813d1bff06f1e3eeea2ef25

    • SHA512

      c59b22fd19c4dfe75286898c34e383e36ee3af1c2159e9effcc3b3748f889eddcc3323c07220caffab5ddef4218f78f457348f24b488ed238630e20af1f51aca

    • SSDEEP

      3072:kifvEeZriURJsJmfmTkCF5XTs7k6wdccGr+6qMleMybc2FTbMArh:ksrq0mICF5XTsIzeMrwCbMArh

    • Score

      3/10

    • Target

      locales/ar/libfilezilla.mo

    • Size

      9KB

    • MD5

      f399112d051bc159e55ccac6960de07f

    • SHA1

      761db2de7d852ab72a8d0f2720576321f4339c44

    • SHA256

      99cd265a321004f52c2587487624b33b6e95f40ab7d0ce3e09dd1e422d854cc7

    • SHA512

      a1f2d937d4f0dd8e6062741cc7c22f05568ad7e4402f074c3b1d56a368866834c4cb81b96403bb6675d7740a21503328a035f5e496d259af1a8310ece27aa291

    • SSDEEP

      192:gvA19RBypcqet90vMm3dAdBkAPHt+FkC7x/kp:ggReg9EAvkjV75kp

    • Score

      3/10

    • Target

      locales/az/filezilla.mo

    • Size

      153KB

    • MD5

      1e35bc8a853c00e2b6221484f1e837f7

    • SHA1

      248ceb777521af3492e5ad8bc7a0ba90df311cc3

    • SHA256

      5acf3ca1114858db1f9ebad76a8e564fc07b214d98489052588c109d6c772688

    • SHA512

      8247e3c7365e34c6574f26b6459eb471c55cd53a4fe3a80027b49e73d3e2b55dc13656f5bdc0051972b35881b289dd439b85a872778af627f81a25d3e813194b

    • SSDEEP

      3072:RbMK0ZEymHuSd9F7hTVJPBw/j2NKY9xEBaU6rFQPEg:RgFOru09F7hTVNFEZEg

    • Score

      3/10

    • Target

      locales/az/libfilezilla.mo

    • Size

      7KB

    • MD5

      c690b37688dcbe96ea3d9741b19278d1

    • SHA1

      5ecd6521e7133b6a100a4bbb8cc94aa3ef79d77b

    • SHA256

      1552f2e020e0538a37a04e39c4f99f7a953b0761fa6129fa126dfe039eea9485

    • SHA512

      65401153cfc84c2c32aea7d1e8bc498b4065059bb804cf3ad9e3f9599b767966b14aa958798b037f42cf5a6114365b59a1bcb20114d3e7d934194172ed864d49

    • SSDEEP

      192:nKlTfb5IZGJqe790vMm3dptKIzPIi2mGAhFWZq:KlTD5IkB9EptLGQ/

    • Score

      3/10

    • Target

      locales/bg_BG/filezilla.mo

    • Size

      224KB

    • MD5

      8392e67b57c571ea7358e89b211da6eb

    • SHA1

      adcf59f2098f31da1c558aa777903cd64e4102d1

    • SHA256

      9d75208a5265404240d457981316e02f4a72d37cf0bc796ab570a934c6090375

    • SHA512

      7816db9f78b320ca0cfd5cee1cf2ebff458e5f6680b7b3a64c198a8cda91d4b038d495e5a525b1ddfe4c73e9c8986d5f5036144939b9a902382d51dbecd3dc6b

    • SSDEEP

      6144:bSnPRtzICF55T7T0sgSJWyhcHofdhjjz+JBeyGW+JDa:a5tFb0sPJWyhcHolhj+JBeydwu

    • Score

      3/10

    • Target

      locales/bg_BG/libfilezilla.mo

    • Size

      11KB

    • MD5

      053bf24a6ab464186ea2ab41574a8945

    • SHA1

      014189077150f775cc4e95393746d40672a25e24

    • SHA256

      e8c71a3476c49af1d7464602a17a65fd46fbd2639c340a0994c1897ba051fbda

    • SHA512

      f5cf6ec9f9731770a483feeedddc116e30600dde22c5ad8203bad86129eec38b270c8d676441bb6694af6640b4e63a2aacc88d32bd85be967f9ea816ffa2dd4b

    • SSDEEP

      192:Y8iwMfrQ1Y3cqet90vMmnDedAxlZ4ljJK4h9+1G1uCM8xA2fa4lJ1q4aEenD:NFZ1Y3g9hAxlGljdh9+1G1o8dfa4iXD

    • Score

      3/10

    • Target

      locales/ca/filezilla.mo

    • Size

      165KB

    • MD5

      cd0bcd38ba2ad95e4b2ce27648f3bfec

    • SHA1

      1d1c73107880ed41f0dc6221aba39824727c15c5

    • SHA256

      54791bdff147bd6825ec849e195c39c8cea0815654c7c9bab34a1487ec71ad29

    • SHA512

      eefce0320b57dbf746eb5459ed05441512fcfba99570f9a0feb8834906651bd124beb96508a9b23f24d80aeed23add10d6a04e71782ac7b05d86e8ef5fbb7041

    • SSDEEP

      3072:1iZxwnimGr396FXbToWirwFRrO0+pWMNoGDm0UaHcOwJvONw1nxmnBPwzK5NFjUu:4QKrt6FXbTo/2Rn+pWMKGPUaHwvONw16

    • Score

      3/10

    • Target

      locales/ca/libfilezilla.mo

    • Size

      7KB

    • MD5

      c76c8b0bf8cad94ec38a46128ac7f8c5

    • SHA1

      79e4c3961785448438daabb37c1676dea39052f3

    • SHA256

      76ab8d14bdd35a78a93115c3317ef1e13008fb7c88b7baff213f60987288fbe7

    • SHA512

      feea8025667e7c0a37a8670581edcb3de182cb360909c0325e050dcf29b352a2b3079bf6a3e159f4cffcef8e6d0c958575b78d3e632b76ca83efa1903784b467

    • SSDEEP

      192:nKl+30ZGJqe790vMm3dpYe2KsM2XeFw6ImJWRX2:Kl+30kB9Eph3V94m

    • Score

      3/10

    • Target

      locales/ca_ES@valencia/filezilla.mo

    • Size

      109KB

    • MD5

      fb7d30eb01832cffb1297c3d171983ad

    • SHA1

      52d47349183ef6224acb6ca296d1f78825b247b0

    • SHA256

      9bf751c01ba2da1bdcc48becd07778a39d7ab485c465f70b343be93c4a676434

    • SHA512

      a4ad27488bd5449be62583841483e5a870ac65c7aa0c1f1c1af590810bafc8ca43edb396d1b3120a7c8bd64b795cb67adafc17b161cdd30a8cc5d084c87313ee

    • SSDEEP

      3072:MuW9XUwkP3eE9Edx5XctZEidfGM0E/dDVWImTjdxqagUMBDF9q5NFdpGt:MLXUr2EMx5XctZEidfGi/x7mvdxqagUu

    • Score

      3/10

    • Target

      locales/ca_ES@valencia/libfilezilla.mo

    • Size

      777B

    • MD5

      7e2c4e079e8a1a2671bac61edd831995

    • SHA1

      47e901e2d01445793afa0bab71a1e7d314498ae6

    • SHA256

      589ead4511c2e86324aed0cb4df6a88f204c0e4fa271f368b89ce2fc40673394

    • SHA512

      2a18ef98bf20c91782ad3c47d4755c14ec25f30f373fbbefc732bf8147ad872b1b5b2f749c86cda92e4915a29d6c45cd0b4c5b53d6126f41a49c194e6d197ba8

    • Score

      3/10

    • Target

      locales/co/filezilla.mo

    • Size

      186KB

    • MD5

      bc4b52a1df110217ddf5ff9c2a0d378e

    • SHA1

      bd5a3cdfae172dc4db7a1820725ffbbe017d0f87

    • SHA256

      f0cd1ac19ba8e720fbbacc7079ee14e17e4fc5d982877ae93ae4ed50e6bd0624

    • SHA512

      81d65c9f307dfb55c05424ec85ede1b4941cbca6f914746f1146531848caf63f2debb0194c0a847659414b34d13fdad9396cf212c43fddc6b9a99ac1f01725c0

    • SSDEEP

      3072:kifvETBgsJmfmTkCF5XTs7k6w53yXJHv2tmf:ks00mICF5XTsIzuN7

    • Score

      3/10

    • Target

      locales/co/libfilezilla.mo

    • Size

      13KB

    • MD5

      2cff5b6f87f32937e6f5a969cafc5c73

    • SHA1

      cfc9852dd45c37b10e47505219df425d5f8d91c1

    • SHA256

      7ccde7c137a2df10c2f33223c7073826dcbd1d83a24a4d9cb70f50899d20c9b4

    • SHA512

      a1a36d8a5da7aa9ab9125fd3d14fb9a0d15f094183e23a57a4032440732e960f74d4d914ec5e43d658f55adf8f4a611ed5b974d0d4cf0cdd157f1e4a95192311

    • SSDEEP

      192:uVZ9GJ59LvhnDycvrMFqeY9FOMmnDe+K/nwt2BhYubzcPK/x6i2br8KW7PVL:yZ9Gl1nGAIC9iK/wt2zYubzbxa8JPF

    • Score

      3/10

    • Target

      locales/cs_CZ/filezilla.mo

    • Size

      166KB

    • MD5

      0873ee53c4e57c0af70ef1aed0d86c4f

    • SHA1

      cff8b3510bac50f548b169f44249f0bff95be02a

    • SHA256

      3c3bf0e74b2934f4e64549d299f9db1056ccc5c8d74f949fbdb492f17588b5c9

    • SHA512

      d39617998e56d25386e9c4e15918f49a60f5fe55dede0738c1f204f583c90adc936da26d489a24fdc106ce5d0c30ef68bf42750431203e8f364b84ec9ef37fd3

    • SSDEEP

      3072:xxcozWGkbQ+G4mUeE9oFOvTcuuIwhdhqpaD8JggMu:x3yUOeOoFOvTcd7hkr

    • Score

      3/10

    • Target

      locales/cs_CZ/libfilezilla.mo

    • Size

      7KB

    • MD5

      95d9b64531fd1d36473ac31e7de7461d

    • SHA1

      64f2342f513a7f48f5565a82e6d56fa0c7fb917e

    • SHA256

      6d8376f9b1eb29b81c4e889253152166a6366a3fcd7709515ffa4c5cb4e4485a

    • SHA512

      a3cd574f532e8672b3ee48b4784b593f19b98bbf9a38066c7d7fc2e76dd5d1924e9f2ed0c887d876f290351acb5cd6a69fd30f079de4662f7c81c0f49b3917a7

    • SSDEEP

      192:nKlb3BZGJqe790vMm3dwvQnhUCCrdItpkuHwSXb:KlbxkB9EwvQh66tCbk

    • Score

      3/10

    • Target

      locales/cy/filezilla.mo

    • Size

      132KB

    • MD5

      bcae825e6fce9f8d775ab23430733cf6

    • SHA1

      235cf31f10940f89b00de621c49956e9dc9fd1ef

    • SHA256

      db6befbd5481d74ba311bed178d329bd6077a155efbc4e64cb96139641858b8b

    • SHA512

      a9b3a85c02d15c85a6ece750b61c27a91b597def66f1339b784409cdf5661de64515116636b836add0d652d74514aba7fc30f0eb540daa64b35ce8427f2596ed

    • SSDEEP

      1536:NhTaeup4+eSgeOPQm9J075HH9EHdL3dp7CeTeYKrAB65PurMGfx5WBy5QSdX9c:j2tecOom9+cdL3HnTFG5PuQG5sV29c

    • Score

      3/10

    • Target

      locales/cy/libfilezilla.mo

    • Size

      5KB

    • MD5

      af4894f1c316bcff81bbf9ebf611a32b

    • SHA1

      5ea4803018922ed950d598c017a3c81258977f26

    • SHA256

      263f85f018cd13ade5bbcee9543ecee9e2d1909d3acea5fb9b9f238e865b6f87

    • SHA512

      50c8db6637d553224919a76d2ff6b80dd0f9feaa8b27dc94196bbb95ade84864dba67f71834b5e0a47c17309499679096bcc9c1aafbb46c6c1014cea8f570f6d

    • SSDEEP

      96:mBgoJ85wJHFVQk0jJqe790vMmO87kqGu5GlO4S7wQV7o0BLl+I5Qta:mBFJ82JlUJqe790vMmdFglHSBVtHQw

    • Score

      3/10

    • Target

      locales/da/filezilla.mo

    • Size

      164KB

    • MD5

      6668c8d9452452377ef57f0c33975123

    • SHA1

      7c8f5e360dd4a9a75c9578903e5ff367d6d61777

    • SHA256

      584918f4f87225f615bb02eab54430a6bb837db2f05d8192feb13626471b2edf

    • SHA512

      6ef6f31ecbf6fa7671f0e63cea70e4774a26d8be4edc97b1cd442857830bd663a75cce23160d6b115558330037e15941864d358bba0e55ea1915ab770f9a0b2b

    • SSDEEP

      3072:+a5W0/1DsAmB6EkCF4vTcpXLw/toK4Ju+AvTQxs4NJOJA8tre1nBKyH:9Wa2j69CF4vTcZ7K4J6ExsYJOJAESlBR

    • Score

      3/10

    • Target

      locales/da/libfilezilla.mo

    • Size

      7KB

    • MD5

      2912398251df424cd1525c2b974e0500

    • SHA1

      600a55b0a0029f6cc53bb889d55743af6fae0c10

    • SHA256

      c2c497df48091ac787e1716e24de4f2d4cf143fc25c888da9a7b56fa1cad3a62

    • SHA512

      f531b51991fab3aaaefa32b25dbcce3f96693d0822de79e7f178efda180a1787121f6042ada161e8337076d83ae14db1c5ca792b58fe9c7d05bf0e78825a22d0

    • SSDEEP

      96:Uf2D+4ZYAHgtVvqk9Ra1Jqe790vMmU87cqO6zu53RQKWVB0APZZXIQrUkautWpzo:UMCZGJqe790vMm3dwHkWQr19WBzQT

    • Score

      3/10

    • Target

      locales/de/filezilla.mo

    • Size

      174KB

    • MD5

      ccdcf1d59b3392fb364995b406603e7f

    • SHA1

      ba34e50c053a485e0ac0d95eef63a663cbb14c3b

    • SHA256

      5bfeee925b4ffb35b5f602f09b42b27d76c3362f62b2aaede2b1c208108e4b4a

    • SHA512

      3bdf68d94a1d4a338a72bf52ae5ceff87518a8525cc355d3e54e8ab17c859544763c12a40af0e624ff781f551a6982471b86cde98482cb2980425ec683174395

    • SSDEEP

      3072:6jfKGAmBwE9oFOvTcuu2wk+WbGmQ0XRfLCm3s:AtjwOoFOvTcdS+mGmJRzCOs

    • Score

      3/10

    • Target

      locales/de/libfilezilla.mo

    • Size

      7KB

    • MD5

      1bc2a1ed88772e7ea54cb9858d7b44ce

    • SHA1

      8072b1bbf1796972ee7e6a081c63ca97a6e80880

    • SHA256

      70e1678df4928bf7fa7d988300b4a297967f8ccc85d0b637c96d274ae479fae5

    • SHA512

      a9d38159591664a4814a48fec1006626b648421c90d4fa7014432f82634bd125cf1a6d21aa090fa42c142ceceec5a9aa2c6ff7abeaebe1c8e29d77ed6c6236ad

    • SSDEEP

      192:dclrpHZpJqe790vMm3dmSnAiHHDJac1CAdk8ypJ1xu:ERvB9EmSnAinDJBRdk8yf6

    • Score

      3/10

    • Target

      locales/el/filezilla.mo

    • Size

      235KB

    • MD5

      3a55a9505d5815f3465e3471918a481a

    • SHA1

      0aebd5ef710f7e91195c108a184712eb7c9f73b8

    • SHA256

      b985208809ce7449311c9f63792bccf1688293e4b83d82a645e3b8fccb06315d

    • SHA512

      04052063d6c3d77f773a11a4aecaa25fb9c90a14842c452cabc10cdfe42785f6db075f4e65ee5445b3a624b625e0da5158c39a682563aaeeeee69c4eeb7f3c85

    • SSDEEP

      3072:WWEckh8E+GGymGYE9oFovTmuukw+CstK+JLJ6A8K2vTdyqnT3FJ9t01J9flA+lU:Wr9mJ6YOoFovTmdiCsp2vThTVnkhlU

    • Score

      3/10

    • Target

      locales/el/libfilezilla.mo

    • Size

      10KB

    • MD5

      af620e0dcb310a03eda039deba665f62

    • SHA1

      588e593db4ae8a7b205c151b33c6abc8fee16848

    • SHA256

      52e60a1e0d9a72407a0c5e529845ca45bb0d79a786469623a25f2cc63c48bc92

    • SHA512

      00a6cdbf24dfe6fe2688080851d1270db232045d9b8672ea32735daf89ddcba67b6cc8bf04dfe093f66c7db5625d39d3003070eb93efe186df87577399d2f375

    • SSDEEP

      192:nKlfNbaZGJqe790vMm3dLr4r9j6yVtEuLdQY7kyETMS3Hrbl:KlfNbakB9ELr4r9DtREj

    • Score

      3/10

    • Target

      locales/en/filezilla.mo

    • Size

      275B

    • MD5

      807d27e041dd3ed1cd2c872c283a6e52

    • SHA1

      c94a40db0cbe1efa783a463526c423dea89f500f

    • SHA256

      dd0b523740c89630994264359e1eccef53c6848928efc7c034f993c1b3e4b22f

    • SHA512

      21657b5b353a53bbda7370d863cdc0003e21761add65737d3c6de49294b44e28c9c35b61be3c9a06e5e78b5a65f6c11546865d778509863f266092c7b72ea2ca

    • Score

      3/10

    • Target

      locales/es/filezilla.mo

    • Size

      176KB

    • MD5

      9b5be207a3e1717fb0d1b94f4188f589

    • SHA1

      f82b8f6be6ce282431841c3360aedd03fe3811bd

    • SHA256

      8f2b11cca3e77a943b9083bcebb50ea38047f4531653f6d6fe4fae19c67bbf91

    • SHA512

      34122a3db93471f9cd7062cecfa582ba8c4f4ac681456b885a8f80c16fdf49b22a46c50b5823b30d835f0a5838c8cdbcb563f5f2d6a7a52bf417a7137d901b70

    • SSDEEP

      3072:bDUbJuzNOGghsJmfmTkCF55TT7XUw6+8U2eyi:bDUbJgFgC0mICF55TTTp89i

    • Score

      3/10

    • Target

      locales/es/libfilezilla.mo

    • Size

      7KB

    • MD5

      00ae32765aafbdfde1371a120d876c6b

    • SHA1

      e260a9e1d9c58f8818a0a6036b38b9a321a4c691

    • SHA256

      3edda140f7fc66300eb304c4bc05e086187f124c0d2b3f61b24a120da7dc963a

    • SHA512

      613bb8b18627ec19cbb1407ed2e1535dfea43abc5c6347b13c757f9e40265032e76e46400d7c52165739993e6b490e045c12c5653ec689f5d92ac10720a5445d

    • SSDEEP

      192:nKlLgiZGJqe790vMm3dpUFtuVRCb2+FEAJ1h52K:KlLgikB9Ep8Rz1V

    • Score

      3/10

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                               ID          Count
  Persistence            Boot or Logon Autostart Execution       T1547       4
                           Registry Run Keys / Startup Folder    T1547.001   4
                         Pre-OS Boot                             T1542       1
                           Bootkit                               T1542.003   1
  Privilege Escalation   Boot or Logon Autostart Execution       T1547       4
                           Registry Run Keys / Startup Folder    T1547.001   4
  Defense Evasion        Modify Registry                         T1112       4
                         Pre-OS Boot                             T1542       1
                           Bootkit                               T1542.003   1
  Credential Access      Unsecured Credentials                   T1552       2
                           Credentials In Files                  T1552.001   2
  Discovery              Software Discovery                      T1518       1
                           Security Software Discovery           T1518.001   1
                         System Information Discovery            T1082       35
                         Query Registry                          T1012       7
                         Peripheral Device Discovery             T1120       1
  Collection             Data from Local System                  T1005       2

Tasks

  Task          Score   Tags
  static1       3/10
  behavioral1   7/10    bootkit, discovery, evasion, persistence, spyware, stealer, trojan
  behavioral2   7/10
  behavioral3   1/10
  behavioral4   1/10
  behavioral5   1/10
  behavioral6   3/10
  behavioral7   3/10
  behavioral8   3/10
  behavioral9   3/10
  behavioral10  3/10
  behavioral11  3/10
  behavioral12  3/10
  behavioral13  3/10
  behavioral14  3/10
  behavioral15  3/10
  behavioral16  3/10
  behavioral17  3/10
  behavioral18  3/10
  behavioral19  3/10
  behavioral20  3/10
  behavioral21  3/10
  behavioral22  3/10
  behavioral23  3/10
  behavioral24  3/10
  behavioral25  3/10
  behavioral26  3/10
  behavioral27  3/10
  behavioral28  3/10
  behavioral29  3/10
  behavioral30  3/10
  behavioral31  3/10
  behavioral32  3/10