General

  • Target: 023d20cf348044b1596ab0aa458ae49ce02a47eeb2c7bdda5bfa3354b7319ea5.zip
  • Size: 135KB
  • Sample: 231119-3gm4yadd4t
  • MD5: afd61ff5bb4417d5e6ac529be32be0be
  • SHA1: 74ecac22e1b12ec4aa74dca97d637d958aa76af6
  • SHA256: 8aa3a1a6a6d9371f9aa90a643c75e7083cd8fad705e292865c7159255065ff36
  • SHA512: fc13bd940490583018eb27a98765dd689f5f8597be9ee47c23070baf379f429e6d8275ca2db6af451e5926a4299ca407a68b6bf7e97e4319e214e1ed740a5496
  • SSDEEP: 3072:u/Fdz1RnqE+0JGsL3PVvJ1IWFGbjP5kLVV9e2AT87:85RnqUfL3wP9587

Targets

    • Target: 023d20cf348044b1596ab0aa458ae49ce02a47eeb2c7bdda5bfa3354b7319ea5.exe
    • Size: 203KB
    • MD5: ee2d92b118a44254be173a6f95ea009d
    • SHA1: b8f203dd1831c283cbdc15639f5bbd69182f2d14
    • SHA256: 023d20cf348044b1596ab0aa458ae49ce02a47eeb2c7bdda5bfa3354b7319ea5
    • SHA512: cdb9aa222b6bf08411e1c4619ea704bcff0653135051649b9cc82427265be274cc240ab704bf2de2571f8274c80b13c5f406c9dfcbb9f4308846a3febdaf5395
    • SSDEEP: 3072:QGiOQBQI6uRWodJFBXF/XOdkq45kuQgyFNHiGtOdRISC:f0R6M3dRsdkqy0NHiNC

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs such as FileZilla.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
