Resubmissions

12-06-2024 18:38

240612-w98g1syhkk 7

12-06-2024 18:29

240612-w46fgayfjn 7

General

  • Target

    9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202.exe

  • Size

    12.2MB

  • Sample

    240612-w98g1syhkk

  • MD5

    e4acf0e303e9f1371f029e013f902262

  • SHA1

    180f686f2afe1ad0ac6f3498e70af910fcbce620

  • SHA256

    9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202

  • SHA512

    fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc

  • SSDEEP

    393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5

Malware Config

Targets

    • Target

      9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202.exe

    • Size

      12.2MB

    • MD5

      e4acf0e303e9f1371f029e013f902262

    • SHA1

      180f686f2afe1ad0ac6f3498e70af910fcbce620

    • SHA256

      9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202

    • SHA512

      fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc

    • SSDEEP

      393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      24KB

    • MD5

      640bff73a5f8e37b202d911e4749b2e9

    • SHA1

      9588dd7561ab7de3bca392b084bec91f3521c879

    • SHA256

      c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

    • SHA512

      39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

    • SSDEEP

      384:wv1j9e9dEs+rN+qFLAjNXT37vYnOrvFhSL+ZwcSyekzANZBJ:w1AvEs3HBLzYn29vYh

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      a8c86996c4230c2209f5927f21321377

    • SHA1

      45ce0ab93cb6a3a594e54878cce05df724024393

    • SHA256

      110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855

    • SHA512

      69ee73496b916777936b0dddd2cc4a4f916e393f7d0b167cba77a4a239ee1e3f645d9b90dee1627c42a23eb6c3403e4d086546b9f78b3a2e4999c8f92f6a3bc3

    • SSDEEP

      96:mIt3J2Gl0eVe0+Cfo0UkXt6+o69UiGdPh5/utta/23lkCTcaqHCI:bhE+A0+sF6piUFkAylncviI

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      4add245d4ba34b04f213409bfe504c07

    • SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    • SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    • SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • SSDEEP

      192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      d458b8251443536e4a334147e0170e95

    • SHA1

      ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3

    • SHA256

      4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7

    • SHA512

      6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      1d8f01a83ddd259bc339902c1d33c8f1

    • SHA1

      9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

    • SHA256

      4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

    • SHA512

      28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

    • SSDEEP

      96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc

    Score
    3/10
    • Target

      $PLUGINSDIR/nsis_appid.dll

    • Size

      3KB

    • MD5

      19071761e91c43c115a16b52458869b7

    • SHA1

      75ddb807157f1aa31a08f87be0270f60990bcbbc

    • SHA256

      e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f

    • SHA512

      bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c

    Score
    3/10
    • Target

      $R0

    • Size

      33KB

    • MD5

      c0280971a69869d7a1f3b35793c839f3

    • SHA1

      946356173bdd7d575db1d1b3fb04ed81353e098a

    • SHA256

      c085caea2677b0eeaeecb9afe7e0bad83c2a94fc78d5c3f7819bc7314e54ec69

    • SHA512

      cdd1530aec393c9c07574e9a32214af8fb5eef85a5be02db68e24e05c5e1d88449f064e280d2bcd21aa6921c7545f30965a6724ce810960001964a3c558370ba

    • SSDEEP

      768:i2/5ZWpdwrGUxnyiehH/kmjGyhYlaygOENAMxjI:RBZWpvWa5jrYlNixjI

    Score
    1/10
    • Target

      $R2/NSIS.Library.RegTool.v3.$_106_.exe

    • Size

      5KB

    • MD5

      48b4f7d95dbff3dfc74fe3d9e41524b8

    • SHA1

      7bfc27a6eac4796029e841f9d5a61d37de6b34be

    • SHA256

      fc6f7befdd834ccf59aa660497f197d85776f3d95736337d1b9f4417e1db8d6e

    • SHA512

      c51d21f3d76d915086324ecaf54f6da7b4fcd2aec9161812fde63e70f6aa1b30709cc6ae5d30abfcfe9141edd6e9e44d49de83a06753cbc5d37ad0d658cc740d

    • SSDEEP

      96:qBg4ARDDMDQB4dtVfhxr+qOspqME3zpHC5:isDDcQWd/hxaq/sMsC5

    Score
    1/10
    • Target

      $_36_

    • Size

      947KB

    • MD5

      610f4eb991ae0db08785dc4a6c1b1fb2

    • SHA1

      0b28c35f1569eec2dd1cd6c8cfdabb349f6e0866

    • SHA256

      6872cf401483b46c9b0456f676cc6f7e810fe11b7831567b187c6228ec4c0857

    • SHA512

      327647555d35f4dcf567579c4750299d8fe8ead866bfc304efd7f2b855bfd659da407c344c8077041310e214d0395d2f0c85c7d504ecf0403b970aca72496f7a

    • SSDEEP

      24576:Wo6hPUFdvQDqO6gNuSzRsK9WPIOg3Gm39ZJ4N9RMe:WNPUfYDqkWPIOg3Gm39ZJMRMe

    Score
    1/10
    • Target

      GPL.html

    • Size

      15KB

    • MD5

      11e176c5e0120ee94e365f999084bce8

    • SHA1

      a612f6d40d0d2ae045d80b60bce6fb6f81a811ef

    • SHA256

      f7e89c1edbbef8bc837b47c48113a2416f1af0cfc2b2218da39085465ea1045c

    • SHA512

      d0532df4fe5e995df49f3e58127f5fc9637fc4f1afbb29e92ad16897c1055f77963277f5143458b9a294d1c24559bc594e0ae5469271ece639c8e66a5555d5a3

    • SSDEEP

      192:tiMUzQS+LrQWJz6Z6q6pdPIK8kV6AWRzdbDaz0pmN1rMbkBJ9R8/CmBHf3KWkc:tZUz5irJq6jIuV6fRzd3c0pmbMCzRLw7

    Score
    1/10
    • Target

      filezilla.exe

    • Size

      4.0MB

    • MD5

      79cef3c9de232d1f58f0e26292376584

    • SHA1

      2dd2ab98e8fcf5c720bf3618a3a0b84666ca191d

    • SHA256

      26d717e65101b0ccd5d491c406f76a216381410890508d3d154d5aa073698887

    • SHA512

      2378c3ea857cbf0ff8b14c7984a0237613533c7f6451bed1ba8e09aeb71ab4c35b7f37f7298259a67467d40925cad4a4e8baf556444215ab84ec9ea4856246c4

    • SSDEEP

      49152:o7BUd0rZmYl3zoN/SXsS9BsF91aVi5WgLli6RbJjwKwam6+I8qzPqS6RxC5UIcOM:gZE/cBstwjein2Vj8B

    Score
    7/10
    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Target

      fzputtygen.exe

    • Size

      356KB

    • MD5

      7e208d8c27326712eeeed291ba350c3c

    • SHA1

      529cc45b918ff8fc980ea826a430f6a4b947196a

    • SHA256

      06f3610b7582ab8c906a81c0a9ac8199ca738e89a37e05021625c4ad9f7dd95a

    • SHA512

      87788c865845ed4fd2a969e3a5b970d43c9a6de783ec38ef8237d8aa515644605dd94146eec738d750157ba96befb16dbfadf933e8cab94788f5c35af17271b4

    • SSDEEP

      6144:4dSNRhY3pH7OehnYmHxlCuNNZRCuFECqColZTRcMR4N+:uSNRC9dtRxlC8ZRiC8lZNhRC+

    Score
    1/10
    • Target

      fzsftp.exe

    • Size

      648KB

    • MD5

      1035e5d9386199763a1f683ec4644bf4

    • SHA1

      e9b9045c29e645ec3bc157d18f83ab94fa280a49

    • SHA256

      bd4270c0fb61378b8c8f6720e5bb55921783d9255144d34cd13dd575b5c2b41b

    • SHA512

      a87012f6340fa7be396bb50af880efa57dc3494aabac698cde7d369a4bc2693986763da3946fa279c39012b661b29970e5d801373d00e88c104bfb6a91868080

    • SSDEEP

      12288:bTZBJ97RLnrlh6wqGX/DA8RYxQzaQ15uypHmZD747fHJ:bTZz3Lnrlh68DlYxa7HmZD87fHJ

    Score
    1/10
    • Target

      fzstorj.exe

    • Size

      9.8MB

    • MD5

      978c159cf2df761b4a353925b50da3f4

    • SHA1

      b79b0ad32795fe1c7a510a2ddb71e49f2aabc555

    • SHA256

      39eb51c18ac730861c96ddd4b2a73dbc2b7c70ae8411f9f4f5b841e391222820

    • SHA512

      cee6d0e9afe9445d48bbf7e39a002708c858949edeb7cca058edf3a4a21b5c5ae1b226422d13ef86afdda49e991ef897175e9b0a574ac9ef2e65b3c209971e0c

    • SSDEEP

      196608:J474PITB45BLtG9sCkvf2C/2RrHxvZuNw5EstcMqkhYpuFQk2:Y4Per8

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discoverypersistencespywarestealer
Score
7/10

behavioral2

Score
4/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

spywarestealer
Score
7/10

behavioral26

spywarestealer
Score
7/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10