2363558dbf5e5853711b9c8de05f3f4e982279876d1245a753227b4727ac68ef | Triage

Sharing

General

Target

1f808d56ccf6c1949976538e5c82d63a
Size

3.3MB
Sample

231225-pza1fadgfp
MD5

1f808d56ccf6c1949976538e5c82d63a
SHA1

02fad1084819163cf92b868a092ec87d0f9e89d9
SHA256

2363558dbf5e5853711b9c8de05f3f4e982279876d1245a753227b4727ac68ef
SHA512

6f137b17250cbf85ed1675436ea159ed1fb3df3691537926b3e063a977d07f0313b89095fde9d4cdc0982737457f79ab42293ab94b36ca6d03ac35dec4da24f0
SSDEEP

98304:o5aFEvk5ZAlmO5Qxc/uBY/upDeRqAeaV8Fw:o5aFSk5ZAEc/uppOZeami

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
files.000webhost.com
Port:
21
Username:
fdhfdcgfgg

Targets

- Target
  
  1f808d56ccf6c1949976538e5c82d63a
- Size
  
  3.3MB
- MD5
  
  1f808d56ccf6c1949976538e5c82d63a
- SHA1
  
  02fad1084819163cf92b868a092ec87d0f9e89d9
- SHA256
  
  2363558dbf5e5853711b9c8de05f3f4e982279876d1245a753227b4727ac68ef
- SHA512
  
  6f137b17250cbf85ed1675436ea159ed1fb3df3691537926b3e063a977d07f0313b89095fde9d4cdc0982737457f79ab42293ab94b36ca6d03ac35dec4da24f0
- SSDEEP
  
  98304:o5aFEvk5ZAlmO5Qxc/uBY/upDeRqAeaV8Fw:o5aFSk5ZAEc/uppOZeami
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2