4504202c054482f24edb97e022266310000b709bbfac370f99d09c440f4fd647 | Triage

Sharing

General

Target

4504202c054482f24edb97e022266310000b709bbfac370f99d09c440f4fd647
Size

34KB
Sample

221019-ss4wqadeg3
MD5

a1005182dbe7c802d9e2e5f36d540993
SHA1

887216fe51cdaa6d2d2eb4dd7b4081040d07a01b
SHA256

4504202c054482f24edb97e022266310000b709bbfac370f99d09c440f4fd647
SHA512

49b3547f8e12c2e355fcc26ff13e4d21b28471df842b24c7b50a8aa76438fca1d63faf3d01364433cefee04335d56f3d57e978e7b870333f1995238d8d4a7d8c
SSDEEP

768:krqffKB8iVA+cH/vVdeBRs7pMttHuR79:NCBUftdLpMj8B

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
UnlimiteD

Targets

- Target
  
  4504202c054482f24edb97e022266310000b709bbfac370f99d09c440f4fd647
- Size
  
  34KB
- MD5
  
  a1005182dbe7c802d9e2e5f36d540993
- SHA1
  
  887216fe51cdaa6d2d2eb4dd7b4081040d07a01b
- SHA256
  
  4504202c054482f24edb97e022266310000b709bbfac370f99d09c440f4fd647
- SHA512
  
  49b3547f8e12c2e355fcc26ff13e4d21b28471df842b24c7b50a8aa76438fca1d63faf3d01364433cefee04335d56f3d57e978e7b870333f1995238d8d4a7d8c
- SSDEEP
  
  768:krqffKB8iVA+cH/vVdeBRs7pMttHuR79:NCBUftdLpMj8B
Score

10^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2