34798691da76d861471d70aa256c1d4718fa6f83996e91ffb27d2db3a547f417 | Triage

Sharing

General

Target

2f276d9ed50155f679afd4833c52dbe0N.exe
Size

543KB
Sample

240822-s64swaveqe
MD5

2f276d9ed50155f679afd4833c52dbe0
SHA1

259d74b2438ef9d8e0184884d53738bce4946f33
SHA256

34798691da76d861471d70aa256c1d4718fa6f83996e91ffb27d2db3a547f417
SHA512

3b24b4b8661932f1ff7e4ae58cdcb9effdf97295cf44731b34e1d226cc84c8de17c8e3f66ef557ce276a5913daed869184cefe717f409409c43f72d53422baac
SSDEEP

6144:8KK8/M66PKjtrSYiLeBmoak9u/SnrUEEYiLTcdeyBJdw2OD1MktP3XUxPQimxfDd:1jM66PK8UApYzdZJm2/g9fDFi/R

Score

10^/10

discovery persistence

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
happy-hack.ucoz.ru
Port:
21
Username:
0happy-hack
Password:
dnkdnk

Targets

- Target
  
  2f276d9ed50155f679afd4833c52dbe0N.exe
- Size
  
  543KB
- MD5
  
  2f276d9ed50155f679afd4833c52dbe0
- SHA1
  
  259d74b2438ef9d8e0184884d53738bce4946f33
- SHA256
  
  34798691da76d861471d70aa256c1d4718fa6f83996e91ffb27d2db3a547f417
- SHA512
  
  3b24b4b8661932f1ff7e4ae58cdcb9effdf97295cf44731b34e1d226cc84c8de17c8e3f66ef557ce276a5913daed869184cefe717f409409c43f72d53422baac
- SSDEEP
  
  6144:8KK8/M66PKjtrSYiLeBmoak9u/SnrUEEYiLTcdeyBJdw2OD1MktP3XUxPQimxfDd:1jM66PK8UApYzdZJm2/g9fDFi/R
Score

10^/10

discovery persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence