General

  • Target

    05536299.exe

  • Size

    1.8MB

  • Sample

    230615-ptj16agh3s

  • MD5

    0d29e755568b5f8cdc92e8eb8a3a6939

  • SHA1

    5e53441eb0d63691c912808c7c341ae023cb9ad4

  • SHA256

    25e0928fa6d8392e08c0da5f7ff348d1953ca310f84fcfc0e89b6da0bd9f99f6

  • SHA512

    6ae32c7d8aeeef23ed2cbcee108fee8c7f08b3e5a6aa23324ea0b5049d393bc6ec72a7cd7d0ba635c31eb5cc721ae37076d6190053637c62d8723dbbacbca0a0

  • SSDEEP

    49152:LmG+mSjyWGGajZgw1MlvfTSoIgwC2rC3UHHQorvWyadJT:LmrxOWkZgw4SzTC2re6Qor6dt

Score
10/10
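Before pivoting on the hashes above, confirm that the file in hand is the same object the sandbox analysed. The following is an added example, not part of the report or of the sandbox's tooling: it parses the bullet-style hash block used on this page, recomputes the four cryptographic hashes with hashlib, and returns any disagreement. SSDEEP is a fuzzy hash that hashlib cannot compute, so it is parsed and carried along but not compared. The stand-in bytes in the test are constructed and are not the sample.

```python
import hashlib
from typing import Dict, Tuple

# Hash block copied verbatim from the General section of the report above.
REPORT_TEXT = """\
  • MD5

    0d29e755568b5f8cdc92e8eb8a3a6939

  • SHA1

    5e53441eb0d63691c912808c7c341ae023cb9ad4

  • SHA256

    25e0928fa6d8392e08c0da5f7ff348d1953ca310f84fcfc0e89b6da0bd9f99f6

  • SHA512

    6ae32c7d8aeeef23ed2cbcee108fee8c7f08b3e5a6aa23324ea0b5049d393bc6ec72a7cd7d0ba635c31eb5cc721ae37076d6190053637c62d8723dbbacbca0a0

  • SSDEEP

    49152:LmG+mSjyWGGajZgw1MlvfTSoIgwC2rC3UHHQorvWyadJT:LmrxOWkZgw4SzTC2re6Qor6dt
"""

# Report label -> hashlib algorithm name and expected hex digest length.
ALGORITHMS = {"MD5": ("md5", 32), "SHA1": ("sha1", 40),
              "SHA256": ("sha256", 64), "SHA512": ("sha512", 128)}


def parse_report_hashes(text: str) -> Dict[str, str]:
    """Parse '• LABEL' / value pairs from a report-style hash block.

    Digest lengths are checked so a truncated copy-paste fails loudly
    instead of silently never matching.
    """
    expected: Dict[str, str] = {}
    label = None
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if s.startswith("•"):
            label = s.lstrip("•").strip().upper()
        elif label:
            if label in ALGORITHMS and len(s) != ALGORITHMS[label][1]:
                raise ValueError(f"{label} digest has length {len(s)}, "
                                 f"expected {ALGORITHMS[label][1]}")
            expected[label] = s
            label = None
    return expected


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Hex digests of the four cryptographic hashes the report lists."""
    return {name: hashlib.new(algo, data).hexdigest()
            for name, (algo, _) in ALGORITHMS.items()}


def verify_sample(data: bytes, expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Return {label: (expected, actual)} for every cryptographic hash that disagrees.

    An empty dict means the bytes match the report. Labels without a
    hashlib equivalent (SSDEEP) are skipped, not treated as mismatches.
    """
    actual = compute_hashes(data)
    mismatches = {}
    for label, value in expected.items():
        if label not in actual:
            continue
        if actual[label] != value.lower():
            mismatches[label] = (value.lower(), actual[label])
    return mismatches


def verify_file(path: str, report_text: str = REPORT_TEXT) -> Dict[str, Tuple[str, str]]:
    """Convenience wrapper: verify a file on disk against the report block."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), parse_report_hashes(report_text))


if __name__ == "__main__":
    import sys
    bad = verify_file(sys.argv[1])
    print("match" if not bad else f"MISMATCH: {bad}")
```

Run it as `python verify_hashes.py 05536299.exe`; a non-empty result means you are not looking at the analysed sample and none of the behavioural findings below should be assumed to apply to it.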

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    framework.pcsoft.fr
  • Port:
    21
  • Username:
    framework
  • Password:
    framework

  Note: framework.pcsoft.fr is the framework-download host of PC SOFT, the vendor of the WinDev/WebDev runtime, and the framework/framework FTP login appears to be a built-in login used by that runtime rather than attacker-controlled infrastructure. Its extraction indicates a WinDev-built or WinDev-packed executable; do not block or attribute on this host alone, and corroborate with the behavioural signatures listed under Targets. FTP logins are sent in cleartext, so the same USER/PASS pair is visible to anyone inspecting port 21 traffic from the infected host.
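The extracted FTP configuration is most useful as a network indicator. The following is an added example, not part of the report: it pairs USER/PASS commands per flow in a constructed FTP control-channel log, reconstructs each login attempt, and returns only the attempts that match the extracted host, port, username and password. The key=value log format and every log line are constructed for the example; adapt `parse_line` to your own sensor's output.

```python
import re
from typing import Dict, List

# Extracted config copied from the report above.
EXTRACTED_CONFIG = {
    "protocol": "ftp",
    "host": "framework.pcsoft.fr",
    "port": 21,
    "username": "framework",
    "password": "framework",
}

# Constructed log lines, not real telemetry: one FTP control-channel command
# per line, key=value fields, payload quoted in data="...".
SAMPLE_LOG = """\
ts=2023-06-15T10:02:11Z src=10.0.0.5 dst=framework.pcsoft.fr dport=21 data="USER framework"
ts=2023-06-15T10:02:11Z src=10.0.0.5 dst=framework.pcsoft.fr dport=21 data="PASS framework"
ts=2023-06-15T10:02:12Z src=10.0.0.5 dst=framework.pcsoft.fr dport=21 data="TYPE I"
ts=2023-06-15T10:03:40Z src=10.0.0.9 dst=ftp.corp.example dport=21 data="USER backup"
ts=2023-06-15T10:03:40Z src=10.0.0.9 dst=ftp.corp.example dport=21 data="PASS S3cret!"
ts=2023-06-15T10:04:02Z src=10.0.0.7 dst=framework.pcsoft.fr dport=21 data="USER anonymous"
ts=2023-06-15T10:04:02Z src=10.0.0.7 dst=framework.pcsoft.fr dport=21 data="PASS guest@"
"""

# key=value where value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line: str) -> Dict[str, str]:
    """Split one key=value log line into a dict, unquoting quoted values."""
    fields: Dict[str, str] = {}
    for key, raw in FIELD_RE.findall(line):
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1]
        fields[key] = raw
    return fields


def extract_ftp_logins(log_text: str) -> List[Dict[str, object]]:
    """Pair USER and PASS commands per (src, dst, dport) flow.

    Returns one record per completed login attempt. A USER without a
    following PASS on the same flow is left pending and never reported.
    """
    pending: Dict[tuple, str] = {}
    logins: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("dport") != "21":
            continue
        flow = (rec.get("src"), rec.get("dst"), rec.get("dport"))
        cmd, _, arg = rec.get("data", "").partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            pending[flow] = arg
        elif cmd == "PASS" and flow in pending:
            logins.append({
                "ts": rec.get("ts"),
                "src": rec.get("src"),
                "host": rec.get("dst"),
                "port": int(rec["dport"]),
                "username": pending.pop(flow),
                "password": arg,
            })
    return logins


def match_extracted_config(logins: List[Dict[str, object]],
                           config: Dict[str, object]) -> List[Dict[str, object]]:
    """Keep only logins whose host, port and credentials equal the extracted config."""
    return [
        login for login in logins
        if str(login["host"]).lower() == str(config["host"]).lower()
        and login["port"] == config["port"]
        and login["username"] == config["username"]
        and login["password"] == config["password"]
    ]


if __name__ == "__main__":
    for hit in match_extracted_config(extract_ftp_logins(SAMPLE_LOG), EXTRACTED_CONFIG):
        print(f"{hit['ts']} {hit['src']} logged in to {hit['host']}:{hit['port']} "
              f"as {hit['username']} (matches extracted config)")
```

Matching on the full host/port/username/password tuple keeps the anonymous login to the same host out of the hit list; given the note above about the host's vendor, a hit should be read as "a WinDev-runtime client contacted its framework server", and the source host still needs the behavioural evidence in the Targets section before it is treated as infected.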

Targets

    • Target

      05536299.exe

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks