aa04e7d4e6e10f7ec618631a812d0f7941cc43f1fcad2992d20c86831bde9161 | Triage

Sharing

General

Target

aa04e7d4e6e10f7ec618631a812d0f7941cc43f1fcad2992d20c86831bde9161
Size

37KB
Sample

221203-s5817sgg5v
MD5

ba07e86ce5bccbb4a9a9cdafef15f697
SHA1

f0a4f538bfcd9138b195ca0a2b1e8939d8c79310
SHA256

aa04e7d4e6e10f7ec618631a812d0f7941cc43f1fcad2992d20c86831bde9161
SHA512

4cba5bc48c53928c16cd801f58d0a4cc6e3b8447df0ee6b5aec0ff0b8172b3fb9631c34c7e5baef82c8e4991eee1a2c3d2b8f580028835825ade0deab8ad668a
SSDEEP

768:qhngu9Tmmdm3XR1hrNlYgu2O0cxBntsA7p5ULFnbiFJzuI6rwR:wTmmdm3hDrNlxH4l7p5YFnbiFl6rI

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
JaKeIsJaCk1

Targets

- Target
  
  aa04e7d4e6e10f7ec618631a812d0f7941cc43f1fcad2992d20c86831bde9161
- Size
  
  37KB
- MD5
  
  ba07e86ce5bccbb4a9a9cdafef15f697
- SHA1
  
  f0a4f538bfcd9138b195ca0a2b1e8939d8c79310
- SHA256
  
  aa04e7d4e6e10f7ec618631a812d0f7941cc43f1fcad2992d20c86831bde9161
- SHA512
  
  4cba5bc48c53928c16cd801f58d0a4cc6e3b8447df0ee6b5aec0ff0b8172b3fb9631c34c7e5baef82c8e4991eee1a2c3d2b8f580028835825ade0deab8ad668a
- SSDEEP
  
  768:qhngu9Tmmdm3XR1hrNlYgu2O0cxBntsA7p5ULFnbiFJzuI6rwR:wTmmdm3hDrNlxH4l7p5YFnbiFl6rI
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2