42fc5462964e17bcbc2e6fe2e621bfecf2d241d8df5c31bb1bd48144df7ccd67 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42fc5462964e17bcbc2e6fe2e621bfecf2d241d8df5c31bb1bd48144df7ccd67
Size

75KB
Sample

240829-k5pzbstcqd
MD5

72e5f385db136beff079622851953461
SHA1

2748185e029092cec9ee2b0e7a824f324092d9c9
SHA256

42fc5462964e17bcbc2e6fe2e621bfecf2d241d8df5c31bb1bd48144df7ccd67
SHA512

780c8f6b9a1b967c9cf2773198c4ec28be2f424373b431cbc5fcfc180df30ca348d8d8c0b908db014275428b6a4accb15f67eb376464f52bd4a7167bfa2121ec
SSDEEP

1536:Yszo2iRq8bjAmnQzG5vZl2e2tYIzkQtTvQYlTjd/8QvJ:jzoTRpbLQQhlVIoQdQYpjR8QvJ

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  EasyWebSvr/EasyWebSvr.exe
- Size
  
  67KB
- MD5
  
  4231e7233a0f4a797d1f823b9b132319
- SHA1
  
  e62a1418cb71d0922b459ccecee6775c09bdf113
- SHA256
  
  4a838fd2b5d7824030f396d456ffa534de5568665f569d3e251cb4317e387889
- SHA512
  
  b0bb7aa8a3781b4fe6429b33e148f4fad6e4cde76b9ad738ed26a154a8ca0d717b5afb9c322aa4a64db6bd3265f805a085e71f485d2887634e3ad09c9dba28ea
- SSDEEP
  
  1536:dJA12KsAriVZaDp2NjOW4VoBMa+MM2vbJS:di48OgDpuij2Ma+JAS
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  EasyWebSvr/demo/hello.asp
- Size
  
  112B
- MD5
  
  055c3cf112ecc59552fcdc332d3a2813
- SHA1
  
  94794423ac4560bb7dc3d25fceb1ba55a2f27a69
- SHA256
  
  33c8dee8f9a92345c2cf8a00ff9ede1e0efad3ecd1fb9c36633542d2d4c0b151
- SHA512
  
  b9838dcd9acce64fc7a02d7ff3d538ba8396db4794e149f783b4cead620f58b7a2097312b90eba65f34e14c8db13ab17b0251a6a7852025d8124ceb80752d37c
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  EasyWebSvr/demo/hello.dll
- Size
  
  3KB
- MD5
  
  1b16b75310e2b968e40cbb99054f58a5
- SHA1
  
  e126c31c3b1dd14b50f2a88c69075d05f53bdc88
- SHA256
  
  3042dc802e71e8e6d57d8ffff4cd50cdcb2f293bb75d3771b87fbe10a874bdc7
- SHA512
  
  0a3cc0debb9e691c3dcd86eabec03ce7a9a39dad9b34ab6097d4fd1d0a2bea087ccf33bcea2bef05505f24976354af3a91e0cf0fda23f7f2b927f51a94b4c64f
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  EasyWebSvr/demo/hello.php
- Size
  
  108B
- MD5
  
  ff9e55b351e81a0f461a1f1ca5584978
- SHA1
  
  701712e8c79173a3dccb82ae10329a25aaf91c29
- SHA256
  
  aaa06425984f6c63d1c1820836cec2ce4f961b3104df7b607efc28688a05d372
- SHA512
  
  afc1c3528df49bf4f722530c311228be0f7a1edd2243f0bc1fdcaa3496b183cd35504623613857e0749065779700c11d1f2ee0c7bda35de1a033b26d5b0342bc
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  EasyWebSvr/demo/hello.pl
- Size
  
  92B
- MD5
  
  bd8609e04445818719417cd9ea2f3b4f
- SHA1
  
  14fb9add0352fd2f92ebcac4ac1b1aa38328851b
- SHA256
  
  0bf8a2738eabf94eb774979dc3d9ab953bd9cab58f87d1a6873ab032ea6a91a7
- SHA512
  
  fd4dc1daa1ed065165f6bf4d3fe6ce2c4ebaa5e0d28320b197b03188953a37d643df1283476b4e1f047540c764fee895fcef0e3721557650739a803b0bc586db
Score

3^/10
behavioral10 behavioral9
- Target
  
  EasyWebSvr/demo/index.htm
- Size
  
  7KB
- MD5
  
  67af77738425a5cb05d6a4c82a51ce66
- SHA1
  
  5ed0fd90c3e8507613121f6e0a8840ac43f12ebd
- SHA256
  
  097facab18c93451d996375ace41112f38458025daeef179fa02641a9f39e793
- SHA512
  
  a3a7c8d722d83e938522fc09bfbfebc69d4c712d0bac07af463e039192a2473be81283014f525c73ea0f5bb33ead392f020d225a32ec1c0c860d6ed03cebd73d
- SSDEEP
  
  192:8Vi0wzKHgfUr0fsseYoMK1CbqeVeiwP6B:30yfJqwu0eZE
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  EasyWebSvr/demo/phpinfo.php
- Size
  
  96B
- MD5
  
  2082ebe4b667593f8db0e2bdfc6dafd5
- SHA1
  
  01f9b98b271812be4da110149c27021a9fdf7658
- SHA256
  
  4db950c766a737b0c5e1fd6331a1dcea3bcb9607c054f2f43286a389f9295fe2
- SHA512
  
  337889dcb4c4d2a9c7ede0c65e380ea95ba8dfdb6d54684b2a6024dead108d50995e6277aedf205b35ae386239d0265e991d9a026a14114ab4e771ea42ec5e64
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  EasyWebSvr/demo/viewmsg.exe
- Size
  
  6KB
- MD5
  
  d1634d1c7aecc807d2702246c2c306c0
- SHA1
  
  4aebf0466fa58e6a21b3d64ddfeecb6da8987d3a
- SHA256
  
  f5dbff2d2b03c214988dd419832965613e676128b151376bfc8c77c8058fc177
- SHA512
  
  dde48632cc8de4aba7cdcf7f165b3942f91f94bf4d7d9683119efc6cff11f54d73da0cea04082daa827562db362d63c428a12c79f7708d919f1caadee2674079
- SSDEEP
  
  96:MrIeyoLfXD3B9z/QmDGanzIaPyaokdcUXLTl+nNMDPfyADvV0g:kL/D3BxDhaaokCm+nqrvV0
Score

7^/10

upx discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16