db3af571f06fabfbbf6420bbefd4fac2b0b42e30b430e8740ba6a25bfe1d4ba2 | Triage

Sharing

General

Target

db3af571f06fabfbbf6420bbefd4fac2b0b42e30b430e8740ba6a25bfe1d4ba2
Size

150KB
Sample

221019-1drxlshecj
MD5

919b2b1b92e8b165ef29740134b74cf0
SHA1

88dbc8d1fa65461552b8b7166cd4f83887535ce7
SHA256

db3af571f06fabfbbf6420bbefd4fac2b0b42e30b430e8740ba6a25bfe1d4ba2
SHA512

444f38e0a70ea275c37ab9f6776f94cd18bbd9a061d284ac014970c4f97092d226d0c8fe970667b3a28449c936bff67e43a1766bf1a5fb28b727e9c421d6cd8b
SSDEEP

768:hk33Rdt3vQBofYJaX2P8fojSgwFXdOL+vYhSw5fmWfgOFQWbHo7me/c7yA50o:hknRdt3vqoaxqo/wJdMQ2NmQbFQfHcJ

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
arsensteller1.ucoz.ua
Port:
21
Username:
aarsensteller1
Password:
01072000a

Targets

- Target
  
  db3af571f06fabfbbf6420bbefd4fac2b0b42e30b430e8740ba6a25bfe1d4ba2
- Size
  
  150KB
- MD5
  
  919b2b1b92e8b165ef29740134b74cf0
- SHA1
  
  88dbc8d1fa65461552b8b7166cd4f83887535ce7
- SHA256
  
  db3af571f06fabfbbf6420bbefd4fac2b0b42e30b430e8740ba6a25bfe1d4ba2
- SHA512
  
  444f38e0a70ea275c37ab9f6776f94cd18bbd9a061d284ac014970c4f97092d226d0c8fe970667b3a28449c936bff67e43a1766bf1a5fb28b727e9c421d6cd8b
- SSDEEP
  
  768:hk33Rdt3vQBofYJaX2P8fojSgwFXdOL+vYhSw5fmWfgOFQWbHo7me/c7yA50o:hknRdt3vqoaxqo/wJdMQ2NmQbFQfHcJ
Score

10^/10
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2