eb8da84b699805f446de4e5581c7566ca0deb0b9b6cf224253a4d5c59c8a90bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba4bdd6603ffa4cc81cbaa4681bdba86_JC.exe
Size

425KB
Sample

230930-ppt1kabg9t
MD5

ba4bdd6603ffa4cc81cbaa4681bdba86
SHA1

e1437321c7072bf766ce46d20a50e1ab68897dbc
SHA256

eb8da84b699805f446de4e5581c7566ca0deb0b9b6cf224253a4d5c59c8a90bc
SHA512

c372dd7a004288b228e473fd9f1d6cebbfb4e5528072dcf729920629f1544e2585ab6a8848dc30b79605cb676d8c83458cc2a10fae89a1b8354fe9ee1292de80
SSDEEP

1536:6Z/fgEAqJlV+n1EgGHo7P1YPx28Vayon3s/B/t:61gEZl0nt/P1YPx/onO/t

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.alizametal.com.tr
Port:
21
Username:
alizametal.com.tr
Password:
hd611

Extracted

Credentials

Protocol: ftp
Host:
ftp.yesimcopy.com
Port:
21
Username:
yesimcopy1
Password:
825cyf

Targets

- Target
  
  ba4bdd6603ffa4cc81cbaa4681bdba86_JC.exe
- Size
  
  425KB
- MD5
  
  ba4bdd6603ffa4cc81cbaa4681bdba86
- SHA1
  
  e1437321c7072bf766ce46d20a50e1ab68897dbc
- SHA256
  
  eb8da84b699805f446de4e5581c7566ca0deb0b9b6cf224253a4d5c59c8a90bc
- SHA512
  
  c372dd7a004288b228e473fd9f1d6cebbfb4e5528072dcf729920629f1544e2585ab6a8848dc30b79605cb676d8c83458cc2a10fae89a1b8354fe9ee1292de80
- SSDEEP
  
  1536:6Z/fgEAqJlV+n1EgGHo7P1YPx28Vayon3s/B/t:61gEZl0nt/P1YPx/onO/t
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2