513808264718f43547eedcdf4dcdc226bc99c203bf0b409669eeaecab9e4fee2 | Triage

Sharing

General

Target

d6efaf16b3b470f5faf50d495b18a89f_JC.exe
Size

206KB
Sample

230923-rcdtxshh34
MD5

d6efaf16b3b470f5faf50d495b18a89f
SHA1

ba2fb74ac341144eb0aa37e051be2847299c080b
SHA256

513808264718f43547eedcdf4dcdc226bc99c203bf0b409669eeaecab9e4fee2
SHA512

ddc8d4d539566d21b9d32f09fa9d82841a7baf6f780025da8e6e3b29943ceab88a74b903e3c6e2db8a191ec92a11285e7da6493f90645b77bc15b57292b335c3
SSDEEP

1536:NSHcWgnQs8VMNvY3vy3QpTha55R8Ve2oL2W:N0cIs8mNvY63Qhha550oL2W

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.alizametal.com.tr
Port:
21
Username:
alizametal.com.tr
Password:
hd611

Extracted

Credentials

Protocol: ftp
Host:
ftp.yesimcopy.com
Port:
21
Username:
yesimcopy1
Password:
825cyf

Targets

- Target
  
  d6efaf16b3b470f5faf50d495b18a89f_JC.exe
- Size
  
  206KB
- MD5
  
  d6efaf16b3b470f5faf50d495b18a89f
- SHA1
  
  ba2fb74ac341144eb0aa37e051be2847299c080b
- SHA256
  
  513808264718f43547eedcdf4dcdc226bc99c203bf0b409669eeaecab9e4fee2
- SHA512
  
  ddc8d4d539566d21b9d32f09fa9d82841a7baf6f780025da8e6e3b29943ceab88a74b903e3c6e2db8a191ec92a11285e7da6493f90645b77bc15b57292b335c3
- SSDEEP
  
  1536:NSHcWgnQs8VMNvY3vy3QpTha55R8Ve2oL2W:N0cIs8mNvY63Qhha550oL2W
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2