General

  • Target

    f81fce9a24f86bc909a66fe44cee29f6.zip

  • Size

    3.0MB

  • Sample

    230716-vf811sfh79

  • MD5

    f81fce9a24f86bc909a66fe44cee29f6

  • SHA1

    55fab2ad2f9efd79e42385af29692687dcfc03c9

  • SHA256

    8b4c5be2959be0804af9a1cfd0926ac4af7f808135dd5a09e228fbb9f35a58a2

  • SHA512

    bcf4893b23182ed57599f932f5774742c1dc4106fcc496a39c41f1b83e82a5159780717d3c2303fee4fe311747c24afc4e76d3fe2c8e558a35cfa673c8e3b826

  • SSDEEP

    98304:a7X8Wdc0VfTES1YxKAMixiX8hBIwwRS386aQv:heHVfTESGFC8hBITU8he

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    crglkybqrigongwx

Targets

    • Target

      AlphabetFormApp.exe

    • Size

      3.1MB

    • MD5

      8e0c45dde34b22df6e4055a31f06788d

    • SHA1

      02291e6dfb01f6a542c56026a9b50ff44a2dce48

    • SHA256

      5e84524b05e2456c28a3530cb8e0d7f2b811a2d7074acbbac6950bfff97f8a13

    • SHA512

      cde0a1ce1f4843647bc106e6a0fd57c56572ef4a03bca297719acb92bf753c7971f940f93ed29459cc121ae4be2a270bedbc77501524db8215ab74b48a8d4f9c

    • SSDEEP

      98304:4vJ8ad0y5vx+q5O7gowuF+TCpZEeg1GbWumM:zKH5vx+qGPcCpZEXSWn

    Score
    10/10
    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
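
    The three behaviours above, together with the SMTP endpoint from the extracted config, are the kind of signals an analyst turns into host-based detection. The block below is an added example, not part of the sandbox report or of the sample, that runs simple matching over constructed telemetry events: the event schema, the registry path for the country code (HKCU\Control Panel\International\Geo\Nation), the list of IP-lookup hosts, the mail-client allow-list and the sample log lines are all assumptions made for this illustration. Registry reads are not recorded by Sysmon, so in practice the registry events would come from a sandbox API trace or an EDR that logs reads; the network events map to Sysmon EventID 3 / 22.

```python
"""Added example (not from the report): toy detection logic for the report's
three behavioural signatures plus exfiltration to the extracted SMTP host.

Assumptions: the event dict schema, the IP-lookup host list, the mail-client
allow-list and the sample events below are constructed for this example.
"""
from collections import defaultdict

# Assumption: hosts a practitioner would treat as "external IP lookup" services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.amazonaws.com", "icanhazip.com"}

# From the report's extracted config: exfiltration goes to smtp.gmail.com:587.
EXFIL_SMTP = ("smtp.gmail.com", 587)

# Assumed allow-list of processes that legitimately speak SMTP on this host.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def classify(event):
    """Map one telemetry event to the report signature it matches, or None."""
    kind = event["type"]
    if kind == "registry":
        path = (event["path"].lower()
                .replace("hkey_current_user", "hkcu")
                .replace("hkey_local_machine", "hklm"))
        # "Checks computer location settings": the GeoID value under Geo\Nation.
        if path.endswith(r"control panel\international\geo\nation"):
            return "checks_computer_location"
        # "Checks installed software": walking the Uninstall key.
        if r"\currentversion\uninstall" in path:
            return "checks_installed_software"
    elif kind == "network":
        host = event.get("host", "").lower()
        # "Looks up external IP address via web service".
        if host in IP_LOOKUP_HOSTS:
            return "looks_up_external_ip"
        # SMTP to the extracted host from anything that is not a mail client.
        if (host, event.get("port")) == EXFIL_SMTP and event["image"].lower() not in MAIL_CLIENTS:
            return "smtp_exfil_to_extracted_c2"
    return None


def score_processes(events):
    """Group matched signatures per process image: {image: sorted signature names}."""
    hits = defaultdict(set)
    for ev in events:
        sig = classify(ev)
        if sig:
            hits[ev["image"]].add(sig)
    return {img: sorted(sigs) for img, sigs in hits.items()}


def suspicious(events, threshold=3):
    """Images that trip at least `threshold` distinct signatures (assumed cut-off)."""
    return sorted(img for img, sigs in score_processes(events).items() if len(sigs) >= threshold)


# Constructed sample telemetry mimicking the behaviours listed in the report,
# plus benign noise: a mail client on the same SMTP server and an installer
# reading the Uninstall key.
SAMPLE_EVENTS = [
    {"type": "registry", "image": "AlphabetFormApp.exe",
     "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "registry", "image": "AlphabetFormApp.exe",
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"},
    {"type": "network", "image": "AlphabetFormApp.exe", "host": "api.ipify.org", "port": 443},
    {"type": "network", "image": "AlphabetFormApp.exe", "host": "smtp.gmail.com", "port": 587},
    {"type": "network", "image": "outlook.exe", "host": "smtp.gmail.com", "port": 587},
    {"type": "registry", "image": "msiexec.exe",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"},
]

if __name__ == "__main__":
    for img, sigs in score_processes(SAMPLE_EVENTS).items():
        print(f"{img}: {', '.join(sigs)}")
    print("suspicious:", suspicious(SAMPLE_EVENTS))
```

    The point of the per-process grouping is that each signal on its own is noisy (installers enumerate Uninstall, mail clients talk to smtp.gmail.com, update checkers query IP services); the combination in one unsigned process is what separates the sample from the noise.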

MITRE ATT&CK Enterprise v6

Tasks