37c7ba11c821061ff557b01c363bfd7ec1ed21d5c61c658e050f7c06b8b15d73 | Triage

Sharing

General

Target

NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe
Size

202KB
Sample

231010-xw6a6sab58
MD5

a4e4b05456d5f436ce91362048f5bd88
SHA1

a7a99b3258d136788ee9737a3b5d848b723c90ed
SHA256

37c7ba11c821061ff557b01c363bfd7ec1ed21d5c61c658e050f7c06b8b15d73
SHA512

9e037944c99e3892e4857958c54d0ef44a7d7d8098e046e7df01e5fc2d2e1796f2bd8fd6683de00100357f48b7ca117b99691fd24291456dc3c0121a11728e18
SSDEEP

1536:bXBmHj/428VMTwvY3vT3ZpTha581w8WlmoL8vA:bXgE28mTwvY73Zhha5IvoL8o

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.alizametal.com.tr
Port:
21
Username:
alizametal.com.tr
Password:
hd611

Extracted

Credentials

Protocol: ftp
Host:
ftp.yesimcopy.com
Port:
21
Username:
yesimcopy1
Password:
825cyf

Targets

- Target
  
  NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe
- Size
  
  202KB
- MD5
  
  a4e4b05456d5f436ce91362048f5bd88
- SHA1
  
  a7a99b3258d136788ee9737a3b5d848b723c90ed
- SHA256
  
  37c7ba11c821061ff557b01c363bfd7ec1ed21d5c61c658e050f7c06b8b15d73
- SHA512
  
  9e037944c99e3892e4857958c54d0ef44a7d7d8098e046e7df01e5fc2d2e1796f2bd8fd6683de00100357f48b7ca117b99691fd24291456dc3c0121a11728e18
- SSDEEP
  
  1536:bXBmHj/428VMTwvY3vT3ZpTha581w8WlmoL8vA:bXgE28mTwvY73Zhha5IvoL8o
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2