7e006d76adc5128d048bee60720e587c56345618b8659171f38c7172ba759d45 | Triage

Sharing

General

Target

7e006d76adc5128d048bee60720e587c56345618b8659171f38c7172ba759d45
Size

251KB
Sample

221012-ravdwseear
MD5

6ddca36a071118c1535622fba4248ff0
SHA1

4450ed0fbe00960f113696cc12ae18ecf20f0c0b
SHA256

7e006d76adc5128d048bee60720e587c56345618b8659171f38c7172ba759d45
SHA512

3990dc7dce14651d81a9210b8ff21f30c0f2633c298fa19b1a4ea5124b7cd4f2b74c761589530245607af0ab3ed3f00785da924062a4f86d553ac93a8c720ea7
SSDEEP

6144:w/ELM2TUNJe5OaNSmy8+aiFjROC2IcHOcoxi09FmJF:SELM2yJeQaN4BaGd25uBfFmT

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
qeqeqeeqeqqeqe.ucoz.ru
Port:
21
Username:
0qeqeqeeqeqqeqe
Password:
11_AssAssiN_11

Targets

- Target
  
  7e006d76adc5128d048bee60720e587c56345618b8659171f38c7172ba759d45
- Size
  
  251KB
- MD5
  
  6ddca36a071118c1535622fba4248ff0
- SHA1
  
  4450ed0fbe00960f113696cc12ae18ecf20f0c0b
- SHA256
  
  7e006d76adc5128d048bee60720e587c56345618b8659171f38c7172ba759d45
- SHA512
  
  3990dc7dce14651d81a9210b8ff21f30c0f2633c298fa19b1a4ea5124b7cd4f2b74c761589530245607af0ab3ed3f00785da924062a4f86d553ac93a8c720ea7
- SSDEEP
  
  6144:w/ELM2TUNJe5OaNSmy8+aiFjROC2IcHOcoxi09FmJF:SELM2yJeQaN4BaGd25uBfFmT
Score

10^/10
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2