8f6a1857892a5215842e12eb2aef1817a239cce67bc2d0011adaffd1bed8e971 | Triage

Sharing

General

Target

8f6a1857892a5215842e12eb2aef1817a239cce67bc2d0011adaffd1bed8e971
Size

37KB
Sample

221123-qy8qrafc29
MD5

3b5a4878ea3490b8ed5837114cfd0c23
SHA1

c1d4068cc6acf6012eaed98aadd4c9845cf9c860
SHA256

8f6a1857892a5215842e12eb2aef1817a239cce67bc2d0011adaffd1bed8e971
SHA512

dee72f38785db9449bc7614df2fcc1018424a38181ceb4dc6e37633ec4bd6b220ed5a859551eaf1ad63e8efd90395592c75791729d3fb7c280a32785c60412a8
SSDEEP

768:aicdVeAwmmRmDTgRZ+hxL3g8E3KZBqHjsGp58GqFnLiFJzuh6rwQ:sCAwmmRmDTOZsxL3g8gfp581FnLiFw6R

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
Waterfall1

Targets

- Target
  
  8f6a1857892a5215842e12eb2aef1817a239cce67bc2d0011adaffd1bed8e971
- Size
  
  37KB
- MD5
  
  3b5a4878ea3490b8ed5837114cfd0c23
- SHA1
  
  c1d4068cc6acf6012eaed98aadd4c9845cf9c860
- SHA256
  
  8f6a1857892a5215842e12eb2aef1817a239cce67bc2d0011adaffd1bed8e971
- SHA512
  
  dee72f38785db9449bc7614df2fcc1018424a38181ceb4dc6e37633ec4bd6b220ed5a859551eaf1ad63e8efd90395592c75791729d3fb7c280a32785c60412a8
- SSDEEP
  
  768:aicdVeAwmmRmDTgRZ+hxL3g8E3KZBqHjsGp58GqFnLiFJzuh6rwQ:sCAwmmRmDTOZsxL3g8gfp581FnLiFw6R
Score

10^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2