7b66817fc29319666658841fd0d55ebcc9d716126921e08f624406bf7be127e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7b66817fc29319666658841fd0d55ebcc9d716126921e08f624406bf7be127e8
Size

764KB
Sample

221012-tx3d5abdc6
MD5

78bfd04796a9aa272c35b547c1b528d1
SHA1

d485cd573bc0feef67d087813fe1231a71eaa5b1
SHA256

7b66817fc29319666658841fd0d55ebcc9d716126921e08f624406bf7be127e8
SHA512

f8856459f641b98b7cdaa70f55efb5b3ffad520982d576b2a85c8f48f91ea694fd3d842d36d3c58bbf856670dd6508133bee11899b032b0cfda9fe92f14d5d8c
SSDEEP

384:QLA7acTYhO1rw/rFDd0xAUFNOxlD8mKxDtmrLsbVPb3LT9npzl+1PaBVn5Nf1kza:OSYhO1cUxAUFwEx50s5JpMsWWuN/g

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
gpandnx123

Targets

- Target
  
  7b66817fc29319666658841fd0d55ebcc9d716126921e08f624406bf7be127e8
- Size
  
  764KB
- MD5
  
  78bfd04796a9aa272c35b547c1b528d1
- SHA1
  
  d485cd573bc0feef67d087813fe1231a71eaa5b1
- SHA256
  
  7b66817fc29319666658841fd0d55ebcc9d716126921e08f624406bf7be127e8
- SHA512
  
  f8856459f641b98b7cdaa70f55efb5b3ffad520982d576b2a85c8f48f91ea694fd3d842d36d3c58bbf856670dd6508133bee11899b032b0cfda9fe92f14d5d8c
- SSDEEP
  
  384:QLA7acTYhO1rw/rFDd0xAUFNOxlD8mKxDtmrLsbVPb3LT9npzl+1PaBVn5Nf1kza:OSYhO1cUxAUFwEx50s5JpMsWWuN/g
Score

10^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2