General

  • Target

    FileZilla_3.68.1_win64-setup.exe

  • Size

    11.9MB

  • Sample

    241108-tnddmsxpbr

  • MD5

    deeadc6f907da391d6a3b8db202ca703

  • SHA1

    83daa87d196208fb6ded2a4f31a862fa86061e18

  • SHA256

    1feb6c12f584e98f9fddf95bf128f549310c738376fab82a5893eafed765ad83

  • SHA512

    6588c86da07f0f48641b6707438f9c73226318507b94e579f3ecb4f0735cea147eb42cb048b4d18f9fb85aea297dcd0ead4789f507367d4e566b1bba9f5ecfbf

  • SSDEEP

    196608:JMfMoEtZg0KHZ7YwcvbkmnyoQIPcfzSwamqEonJWeTDLbWboe+VB1TK1RP:JMEztZg0WYwcTkV4bwamqEsJjLQoe+K

Malware Config

Targets

    • Target

      FileZilla_3.68.1_win64-setup.exe

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Tasks