07895e7381e8e3825486f9fc85a929ac46f31a902fce3c6da2fd0e2b65dd1a0d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07895e7381e8e3825486f9fc85a929ac46f31a902fce3c6da2fd0e2b65dd1a0d
Size

97KB
Sample

221014-kz15eagebk
MD5

677553b62c68b73d8aa1b32233988f40
SHA1

11fe891f2367e1efe0d4d28d78ed94d704130bb2
SHA256

07895e7381e8e3825486f9fc85a929ac46f31a902fce3c6da2fd0e2b65dd1a0d
SHA512

53fb6b5d2d6059de3d7f39f281bdbde1c4b8ea1328f2ba4bd07005578bdfa4f52cb366338cf32105d6554d1b87fe6d2c891b360d910b14124a085c0c9b97aa1d
SSDEEP

3072:yAhAhAXkEEmJ9op1W+IdUkZwV+oADasNsgAs4ni9tm6:yUUnEEmJ9cM+fbADLashL

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
0212205258

Targets

- Target
  
  07895e7381e8e3825486f9fc85a929ac46f31a902fce3c6da2fd0e2b65dd1a0d
- Size
  
  97KB
- MD5
  
  677553b62c68b73d8aa1b32233988f40
- SHA1
  
  11fe891f2367e1efe0d4d28d78ed94d704130bb2
- SHA256
  
  07895e7381e8e3825486f9fc85a929ac46f31a902fce3c6da2fd0e2b65dd1a0d
- SHA512
  
  53fb6b5d2d6059de3d7f39f281bdbde1c4b8ea1328f2ba4bd07005578bdfa4f52cb366338cf32105d6554d1b87fe6d2c891b360d910b14124a085c0c9b97aa1d
- SSDEEP
  
  3072:yAhAhAXkEEmJ9op1W+IdUkZwV+oADasNsgAs4ni9tm6:yUUnEEmJ9cM+fbADLashL
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2