General

  • Target

    203515e9c0d346cca1ba293c335eb6fc.bin

  • Size

    2.3MB

  • Sample

    231127-bmfs9sdd9y

  • MD5

    b3ee3fe162d852144e145e06e9438ecb

  • SHA1

    9f1c39950f3691b7cb308664be40f9b5c72c377b

  • SHA256

    651c08eae739643a00ba7a2c547dec5cb7db67672da51f72d43e635be6a456ee

  • SHA512

    6ad4cfe0c4082a20f93ede9c917848a54283343840f065db8edad6720bde2b5afa8828378a4b4cae64e3bfadad4be3b5d15c4195f5b878ee3f3cea4a9a6ee5c8

  • SSDEEP

    49152:HF272B42aZp7PKu/4sQ46vwsE9eVs81YE8DWY1ZJq61Vyyy:HqzTSM4sQjvws7lvsr1ZJF1Vdy

Targets

    • Target

      203515e9c0d346cca1ba293c335eb6fc.bin

    Score
    1/10
    • Target

      a0a73f9f2d0aa56ffceef8da32e097f7d87e1199ba8282d065d5c0c78d0f49ba.exe

    • Size

      2.7MB

    • MD5

      203515e9c0d346cca1ba293c335eb6fc

    • SHA1

      4cdc24e1d3b00f994f03770f62d4bf9729978650

    • SHA256

      a0a73f9f2d0aa56ffceef8da32e097f7d87e1199ba8282d065d5c0c78d0f49ba

    • SHA512

      33e1c726dd16ec62491816599ba94433a831b542e087eddb16777e637e372c638bb86690d6b720d23c7a19d1ce5424e32d062f113ecffef48ffe4a622134e41d

    • SSDEEP

      49152:8jVgiG1hT8cm8U2zkpdt0n/s0YRZHPm4poP2UkCsPt/BI:8ji7F84UJoE0YRZvm4pk2U/AhB

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
