d010b81c3702cd3811c07f8815c0d7025f382a5bb613da99fe51a3e732fb7651 | Triage

Sharing

General

Target

d010b81c3702cd3811c07f8815c0d7025f382a5bb613da99fe51a3e732fb7651
Size

85KB
Sample

221029-wm7l7shaf6
MD5

5179e8ffb2edf34e1873fbb69799e6e0
SHA1

fe89097c277a3c3eec8c8abe644b650e46ba7b83
SHA256

d010b81c3702cd3811c07f8815c0d7025f382a5bb613da99fe51a3e732fb7651
SHA512

226967f281e5b6d1d462d371a8685801441eec06b741ffe8e9b955134610f709bfdb3514b1d0cc2975d7d5970b337d0de89dbb6ccb489bb2a90f4fed2be20fed
SSDEEP

768:zdlo/TaYmBcU7BPCHpT1PY9DRxXMX6PNrZSaLAXJpG87ZkDJZ+TyhCMijwRPtvy2:zdoTsBr6s72iNrouMkA7MsaN

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
FADP100899

Targets

- Target
  
  d010b81c3702cd3811c07f8815c0d7025f382a5bb613da99fe51a3e732fb7651
- Size
  
  85KB
- MD5
  
  5179e8ffb2edf34e1873fbb69799e6e0
- SHA1
  
  fe89097c277a3c3eec8c8abe644b650e46ba7b83
- SHA256
  
  d010b81c3702cd3811c07f8815c0d7025f382a5bb613da99fe51a3e732fb7651
- SHA512
  
  226967f281e5b6d1d462d371a8685801441eec06b741ffe8e9b955134610f709bfdb3514b1d0cc2975d7d5970b337d0de89dbb6ccb489bb2a90f4fed2be20fed
- SSDEEP
  
  768:zdlo/TaYmBcU7BPCHpT1PY9DRxXMX6PNrZSaLAXJpG87ZkDJZ+TyhCMijwRPtvy2:zdoTsBr6s72iNrouMkA7MsaN
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2