dd3b29ab78e3d0b307e6fa2a31d4adb29964036c0644989f04e2e91ab5532c3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd3b29ab78e3d0b307e6fa2a31d4adb29964036c0644989f04e2e91ab5532c3e
Size

196KB
Sample

221019-zkme2agcdr
MD5

a187b4d03187e6c7b25d1d4fe1a2dcf1
SHA1

878b51c0b29f8ebec7895532697ddb7fe598948d
SHA256

dd3b29ab78e3d0b307e6fa2a31d4adb29964036c0644989f04e2e91ab5532c3e
SHA512

d1d541d96f0fa7e95adad3b9108b988cc3a735416d72970f629364bc3bd821b02a85a7fc9952f3be133f87557cf907020867139f702e6f0c8b385b8961d3c9bc
SSDEEP

1536:7Xs9wrnUh4d7ygVpn0uv77P11gqu87UhofgmdBS:7XYw4+dGgLn0sP11gqEofgK8

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.alizametal.com.tr
Port:
21
Username:
alizametal.com.tr
Password:
hd611

Targets

- Target
  
  dd3b29ab78e3d0b307e6fa2a31d4adb29964036c0644989f04e2e91ab5532c3e
- Size
  
  196KB
- MD5
  
  a187b4d03187e6c7b25d1d4fe1a2dcf1
- SHA1
  
  878b51c0b29f8ebec7895532697ddb7fe598948d
- SHA256
  
  dd3b29ab78e3d0b307e6fa2a31d4adb29964036c0644989f04e2e91ab5532c3e
- SHA512
  
  d1d541d96f0fa7e95adad3b9108b988cc3a735416d72970f629364bc3bd821b02a85a7fc9952f3be133f87557cf907020867139f702e6f0c8b385b8961d3c9bc
- SSDEEP
  
  1536:7Xs9wrnUh4d7ygVpn0uv77P11gqu87UhofgmdBS:7XYw4+dGgLn0sP11gqEofgK8
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2