General
-
Target
a912266068969d8bbe63083374f7ae18.exe
-
Size
1.1MB
-
Sample
240107-yafn3adeg4
-
MD5
a912266068969d8bbe63083374f7ae18
-
SHA1
50e8da592cf2dc18726962011e564db5cc72a80a
-
SHA256
5030ab37633f958d44ef2deb0c27f523b04a18407debe3ab54bc49394fa57c47
-
SHA512
f76a0edcca36b3c54b91cf2731c580a3fdb7e2d31398bbab4d6a569f709b77132deed5ea1bc52681a863bf3cf94095c97f46fd949558bb43fd3999b2c3c9a5e1
-
SSDEEP
12288:9YjxhfrJAaFuHmLOzF603PLXkvRSQ8iJrndZfTBWhEiqGkdPQx8/LJZmJj:gxhfVs5zn3TaBWaddxLJZo
Static task
static1
Behavioral task
behavioral1
Sample
a912266068969d8bbe63083374f7ae18.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
a912266068969d8bbe63083374f7ae18.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
Protocol: smtp
Host: Smtp.gmail.com
Port: 587
Username: [email protected]
Password: FickenXD
Targets
-
-
Target
a912266068969d8bbe63083374f7ae18.exe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-