General

  • Target:  FileZilla_3.67.1_win64_sponsored2-setup.exe
  • Size:    12.2MB
  • Sample:  241027-skelvswqgs
  • MD5:     b209df2951e29ab5eab4009579b10b8d
  • SHA1:    99ed6135defff6e675d626f742389d6280abdb60
  • SHA256:  76491df69a26019139ac11117cd21bf5d0257a5ebd3d67837f558c8c9c3483d8
  • SHA512:  27ecf0e4f51501df27b770729ab8d15d020da3a41c626a41b82f908ee0494ed95b3752f9c70567826925d0bb87ec18e9592a226a78f83ac4e30c6bde3eeb9553
  • SSDEEP:  196608:pAuR+K+hCe3PXgdIolgMlNDGkBX8yBHdgS+JQDIyaPtBvFFcIFhv8r5CQHZ35jbz:pAT/QFg6VsyBKS+eZ0yrNHvPz

Targets

  • Target:  FileZilla_3.67.1_win64_sponsored2-setup.exe
    Size:    12.2MB
    MD5:     b209df2951e29ab5eab4009579b10b8d
    SHA1:    99ed6135defff6e675d626f742389d6280abdb60
    SHA256:  76491df69a26019139ac11117cd21bf5d0257a5ebd3d67837f558c8c9c3483d8
    SHA512:  27ecf0e4f51501df27b770729ab8d15d020da3a41c626a41b82f908ee0494ed95b3752f9c70567826925d0bb87ec18e9592a226a78f83ac4e30c6bde3eeb9553
    SSDEEP:  196608:pAuR+K+hCe3PXgdIolgMlNDGkBX8yBHdgS+JQDIyaPtBvFFcIFhv8r5CQHZ35jbz:pAT/QFg6VsyBKS+eZ0yrNHvPz
    Score:   4/10

  • Target:  $PLUGINSDIR/INetC.dll
    Size:    24KB
    MD5:     640bff73a5f8e37b202d911e4749b2e9
    SHA1:    9588dd7561ab7de3bca392b084bec91f3521c879
    SHA256:  c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
    SHA512:  39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a
    SSDEEP:  384:wv1j9e9dEs+rN+qFLAjNXT37vYnOrvFhSL+ZwcSyekzANZBJ:w1AvEs3HBLzYn29vYh
    Score:   3/10

  • Target:  $PLUGINSDIR/StartMenu.dll
    Size:    7KB
    MD5:     a8c86996c4230c2209f5927f21321377
    SHA1:    45ce0ab93cb6a3a594e54878cce05df724024393
    SHA256:  110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855
    SHA512:  69ee73496b916777936b0dddd2cc4a4f916e393f7d0b167cba77a4a239ee1e3f645d9b90dee1627c42a23eb6c3403e4d086546b9f78b3a2e4999c8f92f6a3bc3
    SSDEEP:  96:mIt3J2Gl0eVe0+Cfo0UkXt6+o69UiGdPh5/utta/23lkCTcaqHCI:bhE+A0+sF6piUFkAylncviI
    Score:   3/10

  • Target:  $PLUGINSDIR/System.dll
    Size:    12KB
    MD5:     4add245d4ba34b04f213409bfe504c07
    SHA1:    ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
    SHA256:  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
    SHA512:  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
    SSDEEP:  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
    Score:   3/10

  • Target:  $PLUGINSDIR/UAC.dll
    Size:    14KB
    MD5:     adb29e6b186daa765dc750128649b63d
    SHA1:    160cbdc4cb0ac2c142d361df138c537aa7e708c9
    SHA256:  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
    SHA512:  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
    SSDEEP:  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
    Score:   3/10

  • Target:  $PLUGINSDIR/UserInfo.dll
    Size:    4KB
    MD5:     d458b8251443536e4a334147e0170e95
    SHA1:    ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3
    SHA256:  4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7
    SHA512:  6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1
    Score:   3/10

  • Target:  $PLUGINSDIR/nsDialogs.dll
    Size:    9KB
    MD5:     1d8f01a83ddd259bc339902c1d33c8f1
    SHA1:    9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
    SHA256:  4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
    SHA512:  28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
    SSDEEP:  96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
    Score:   3/10

  • Target:  $PLUGINSDIR/nsis_appid.dll
    Size:    3KB
    MD5:     19071761e91c43c115a16b52458869b7
    SHA1:    75ddb807157f1aa31a08f87be0270f60990bcbbc
    SHA256:  e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f
    SHA512:  bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c
    Score:   3/10

  • Target:  $R0
    Size:    33KB
    MD5:     bdf18c4b774cd7b55207f1e9d82012f3
    SHA1:    a3d14ebab51a40b2bff8ab47705277e5479e66ea
    SHA256:  37947c00a9bd815aecbec34bee41393346627e6f4fa4297b2bba832539c206e5
    SHA512:  d4baaceef7d74cc9f50e6cb905333bb3b3ef1b8e8da213cfe36f56677c6cc0e52b1e353904175f28dd9599eb38be56f5f681f6b4b2dc48e53b0a0610b911fe11
    SSDEEP:  768:v2/5ZWpdwrGUxnyiehH/kTjGyxZKaygOENAMxQrGR:eBZWpvWa4j7ZKNixP
    Score:   3/10

  • Target:  $R2/NSIS.Library.RegTool.v3.$_106_.exe
    Size:    5KB
    MD5:     48b4f7d95dbff3dfc74fe3d9e41524b8
    SHA1:    7bfc27a6eac4796029e841f9d5a61d37de6b34be
    SHA256:  fc6f7befdd834ccf59aa660497f197d85776f3d95736337d1b9f4417e1db8d6e
    SHA512:  c51d21f3d76d915086324ecaf54f6da7b4fcd2aec9161812fde63e70f6aa1b30709cc6ae5d30abfcfe9141edd6e9e44d49de83a06753cbc5d37ad0d658cc740d
    SSDEEP:  96:qBg4ARDDMDQB4dtVfhxr+qOspqME3zpHC5:isDDcQWd/hxaq/sMsC5
    Score:   3/10

  • Target:  $_36_
    Size:    926KB
    MD5:     7069569b6361e909a797b9c1c0341867
    SHA1:    a3fdee12fec4e57a30fc65b543558088843650ec
    SHA256:  b521957091df98d5ac92515c91fc83b5cbec5be2bc749ddce0f38b87abe6524b
    SHA512:  f0682b26b0c9f401362bd467ff8f9f63b03d332e0bdc9c9bb3b5d40a0c4639f6259acb11a6b0cd4c2e180f04c92f20ab533800f5e170d85ec389f67dac1cfacc
    SSDEEP:  24576:iTbrv94jbGqKWfcXPH4jnOjekL8ce5ZTmK8ZmGAPM:i7v9ubA2LOjekL8cerTmKomM
    Score:   3/10

  • Target:  GPL.html
    Size:    15KB
    MD5:     11e176c5e0120ee94e365f999084bce8
    SHA1:    a612f6d40d0d2ae045d80b60bce6fb6f81a811ef
    SHA256:  f7e89c1edbbef8bc837b47c48113a2416f1af0cfc2b2218da39085465ea1045c
    SHA512:  d0532df4fe5e995df49f3e58127f5fc9637fc4f1afbb29e92ad16897c1055f77963277f5143458b9a294d1c24559bc594e0ae5469271ece639c8e66a5555d5a3
    SSDEEP:  192:tiMUzQS+LrQWJz6Z6q6pdPIK8kV6AWRzdbDaz0pmN1rMbkBJ9R8/CmBHf3KWkc:tZUz5irJq6jIuV6fRzd3c0pmbMCzRLw7
    Score:   3/10

  • Target:  filezilla.exe
    Size:    4.0MB
    MD5:     71e87d8f4ab33dd57bff41f76c339e64
    SHA1:    d202fea4df82d26fabbfe3bdb9515a08d021cd09
    SHA256:  96816c715a54e596a9d12527d9bb0d2dbcbc02d2a73ce72a1fd36d634d3587cd
    SHA512:  79dd39320f7e5abf261555959058508b0b1c5dfc72310df90b61f76849421139c4466e071212d9ca4fbcbbb442aa36ce2ddfd5306660be5e48d1a0f5cc0c0b21
    SSDEEP:  49152:AHzFL+1NfyOT3BxU4/pRjpjqEgpMDqiUy0mTr5FeD2Q+zO3CevC3hPsw3p8MXqAD:OhaT3fpR1TTzOjUhCfa
    Score:   7/10
    Signatures:
      • Reads data files stored by FTP clients
        Tries to access configuration files associated with programs like FileZilla.

  • Target:  fzputtygen.exe
    Size:    356KB
    MD5:     b7f586891d88c64b4ab9b2571f887a3d
    SHA1:    6b17313f7f078c88d30dee96af60aff5dd43ea32
    SHA256:  64754dba1de747563cc2d991ae6ccdd5c022de7f9c332afe99125995e45fc16a
    SHA512:  506f8d4a5b4f30bd99038aea3dca98082f9341d1e9a868e0e1184b279fe30cfa23f2aeb3d0832d8e12e97b6a5726ed1aa41f80ea97f411a835997e034c788a4a
    SSDEEP:  6144:pdSNRhY3pH7OehnYmHxlCuNNZRCuFECcColZTgcMRqNoa:rSNRC9dtRxlC8ZRiCKlZ0hRAZ
    Score:   1/10

  • Target:  fzsftp.exe
    Size:    648KB
    MD5:     b6e4e45f28622d545bd422fd05fb4b75
    SHA1:    b012a486d7358862a52b0394f40461395a9c4b91
    SHA256:  223fd723f9c29b0b3a089777a02f05a11818f69642528a8e2d1d409bfccf1423
    SHA512:  7afac1fc33b06a67dbb9e052f1a61feadeb3675c209fdc11a2f6e86016c946fbf7e35e3d5db298b8d7011f14daeede64d4dce99ba183caa7a300db1420364469
    SSDEEP:  12288:cTZBJ97RLnrlh6wqGX/DA8RYxQzaQ15uypHUZD7x7frn:cTZz3Lnrlh68DlYxa7HUZDN7frn
    Score:   1/10

  • Target:  fzstorj.exe
    Size:    9.8MB
    MD5:     fb4345e5f8c30ac2239265f14e1ae4ef
    SHA1:    b989d0f2dac59dd8a9c78d7b69f3cc8714949715
    SHA256:  bbdfd46773b11a15ae87751b81d504db8c99052ff3d8927d28281adee4af599c
    SHA512:  612185aaed17a82d372146242458e725c9c1843236b0f522b512677069ff1ac3aec08cb5a3a567581b5875a033c40883e4bf131bceae4cf1c88142699deb6b17
    SSDEEP:  196608:N474PITB45BLtG9sCkvf2C/2RrHxvZuNw5EstcMqkhYpuFQkS:84Perc
    Score:   1/10

MITRE ATT&CK Enterprise v15

Tasks

  Task          Tags              Score
  static1                         3/10
  behavioral1   discovery         4/10
  behavioral2   discovery         4/10
  behavioral3   discovery         3/10
  behavioral4   discovery         3/10
  behavioral5   discovery         3/10
  behavioral6   discovery         3/10
  behavioral7   discovery         3/10
  behavioral8   discovery         3/10
  behavioral9   discovery         3/10
  behavioral10  discovery         3/10
  behavioral11  discovery         3/10
  behavioral12  discovery         3/10
  behavioral13  discovery         3/10
  behavioral14  discovery         3/10
  behavioral15  discovery         3/10
  behavioral16  discovery         3/10
  behavioral17  discovery         3/10
  behavioral18  discovery         3/10
  behavioral19                    1/10
  behavioral20  discovery         3/10
  behavioral21  discovery         3/10
  behavioral22  discovery         3/10
  behavioral23  discovery         3/10
  behavioral24  discovery         3/10
  behavioral25  spyware, stealer  7/10
  behavioral26  spyware, stealer  7/10
  behavioral27                    1/10
  behavioral28                    1/10
  behavioral29                    1/10
  behavioral30                    1/10
  behavioral31                    1/10
  behavioral32                    1/10