69139e2f0d97c73f0c6183eac6ead1775ee90a77fba87ca6def60d720221ae40 | Triage

Sharing

General

Target

69139e2f0d97c73f0c6183eac6ead1775ee90a77fba87ca6def60d720221ae40
Size

196KB
Sample

221201-sy3kvacc74
MD5

2c11a1190d017d38c4ef9dabadfc6e51
SHA1

061544394f00c259acab4c6ddc19af5ffe9d206f
SHA256

69139e2f0d97c73f0c6183eac6ead1775ee90a77fba87ca6def60d720221ae40
SHA512

0cdcaaa59f7a88c264aa423db0a15249ad223cf93e3e1f2acf970f60d015eb9695c91aa4c57fdb172df6c7317dc5cca644ecfe56b5a01bea8ed29faecb0a2440
SSDEEP

1536:2Xscdri741fT/dQVJnsuv77P1Vg6u8jSZofgJd8Q:2Xpdr1f5QrnssP1Vg6eofgrF

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.ueuo.com
Port:
21
Username:
googgle.ueuo.com
Password:
741852

Extracted

Credentials

Protocol: ftp
Host:
ftp.alizametal.com.tr
Port:
21
Username:
alizametal.com.tr
Password:
hd611

Targets

- Target
  
  69139e2f0d97c73f0c6183eac6ead1775ee90a77fba87ca6def60d720221ae40
- Size
  
  196KB
- MD5
  
  2c11a1190d017d38c4ef9dabadfc6e51
- SHA1
  
  061544394f00c259acab4c6ddc19af5ffe9d206f
- SHA256
  
  69139e2f0d97c73f0c6183eac6ead1775ee90a77fba87ca6def60d720221ae40
- SHA512
  
  0cdcaaa59f7a88c264aa423db0a15249ad223cf93e3e1f2acf970f60d015eb9695c91aa4c57fdb172df6c7317dc5cca644ecfe56b5a01bea8ed29faecb0a2440
- SSDEEP
  
  1536:2Xscdri741fT/dQVJnsuv77P1Vg6u8jSZofgJd8Q:2Xpdr1f5QrnssP1Vg6eofgrF
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2