General

  • Target

    a912266068969d8bbe63083374f7ae18.exe

  • Size

    1.1MB

  • Sample

    240107-yafn3adeg4

  • MD5

    a912266068969d8bbe63083374f7ae18

  • SHA1

    50e8da592cf2dc18726962011e564db5cc72a80a

  • SHA256

    5030ab37633f958d44ef2deb0c27f523b04a18407debe3ab54bc49394fa57c47

  • SHA512

    f76a0edcca36b3c54b91cf2731c580a3fdb7e2d31398bbab4d6a569f709b77132deed5ea1bc52681a863bf3cf94095c97f46fd949558bb43fd3999b2c3c9a5e1

  • SSDEEP

    12288:9YjxhfrJAaFuHmLOzF603PLXkvRSQ8iJrndZfTBWhEiqGkdPQx8/LJZmJj:gxhfVs5zn3TaBWaddxLJZo

Score
10/10
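Before acting on this report, confirm that the file in your own repository is the same binary it describes. The script below is an added example, not part of the sandbox report; it computes the four fixed-size digests listed above in a single pass over the data and compares them with the published values. SSDEEP is left out because Python's standard library cannot compute it (it needs the third-party ssdeep module); the four cryptographic digests are sufficient to confirm identity.

```python
"""Verify that a local file is the sample described in this report.

Added example for the report above, not code from the sandbox. It hashes
the input once, feeding MD5, SHA-1, SHA-256 and SHA-512 in parallel, and
compares each result against the digests published on the page.
"""
import hashlib
import io

# Digests copied verbatim from the report; keys are hashlib algorithm names.
REPORT_DIGESTS = {
    "md5": "a912266068969d8bbe63083374f7ae18",
    "sha1": "50e8da592cf2dc18726962011e564db5cc72a80a",
    "sha256": "5030ab37633f958d44ef2deb0c27f523b04a18407debe3ab54bc49394fa57c47",
    "sha512": (
        "f76a0edcca36b3c54b91cf2731c580a3fdb7e2d31398bbab4d6a569f709b7713"
        "2deed5ea1bc52681a863bf3cf94095c97f46fd949558bb43fd3999b2c3c9a5e1"
    ),
}


def digest_stream(stream, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for every algorithm in REPORT_DIGESTS.

    Reads the stream in chunks so a multi-gigabyte file never has to be
    held in memory; every hasher is updated from the same chunk.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used by the checks below)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    """Hash a file on disk without loading it whole."""
    with open(path, "rb") as fh:
        return digest_stream(fh)


def verify_bytes(data, expected=REPORT_DIGESTS):
    """Per-algorithm match result. Hex digests are compared case-insensitively."""
    actual = digest_bytes(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def is_reported_sample(data):
    """True only if every published digest matches; a single mismatch means
    you are holding a different file (or a corrupted copy) and should not
    attribute this report's behaviour to it."""
    return all(verify_bytes(data).values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        result = verify_bytes(open(path, "rb").read())
        print(path, "MATCH" if all(result.values()) else "MISMATCH", result)
```

Run it as `python verify_sample.py a912266068969d8bbe63083374f7ae18.exe`. Requiring all four digests to agree guards against the (theoretical) MD5 or SHA-1 collision and against a typo in a single copied hash.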

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    Smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    FickenXD

Targets

    • Target

      a912266068969d8bbe63083374f7ae18.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the sample only runs (or stays dormant) in selected regions.

    • Drops startup file

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
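The four behaviours above, together with the extracted SMTP configuration, are the observable trail this sample leaves in host and network telemetry. The script below is an added example, not the sandbox's own signature engine: it replays a constructed event log through simple rules for each behaviour and pulls the SMTP host and port out of the network events. The event lines, the dropped-file name, the IP-lookup hostnames and the registry key (the HKCU International/Geo/Nation GeoID value) are assumptions used to illustrate what each signature description refers to; the report itself names none of them.

```python
"""Match sandbox-style events against the behaviours listed in this report.

Added example, not code from the sandbox. Events use the form
kind|process|detail. All paths, hostnames and the dropped-file name are
constructed; the registry key and IP-lookup host list are assumptions.
"""

# Constructed event log (assumed names; the report does not list them).
SAMPLE_EVENTS = [
    r"proc_create|explorer.exe|C:\Users\user\Desktop\a912266068969d8bbe63083374f7ae18.exe",
    r"reg_query|a912266068969d8bbe63083374f7ae18.exe|HKCU\Control Panel\International\Geo\Nation",
    r"file_write|a912266068969d8bbe63083374f7ae18.exe|C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe",
    r"proc_create|a912266068969d8bbe63083374f7ae18.exe|C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe",
    r"net_connect|update.exe|api.ipify.org:443",
    r"net_connect|update.exe|Smtp.gmail.com:587",
]

# Assumed indicators; compared against lowercased event details.
GEO_KEY_FRAGMENT = "\\control panel\\international\\geo"   # GeoID lookup
STARTUP_DIR = "\\start menu\\programs\\startup\\"            # per-user Startup
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com"}
SMTP_PORTS = {25, 465, 587}

SIG_GEO = "Checks computer location settings"
SIG_STARTUP = "Drops startup file"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_EXT_IP = "Looks up external IP address via web service"


def analyse(events):
    """Return (set of triggered signature names, list of (host, port) SMTP peers)."""
    hits = set()
    dropped = set()        # lowercased paths written during the run
    smtp_peers = []        # hostnames are case-insensitive, so store them lowercased
    for line in events:
        kind, _proc, detail = line.split("|", 2)
        d = detail.lower()
        if kind == "reg_query" and GEO_KEY_FRAGMENT in d:
            hits.add(SIG_GEO)
        elif kind == "file_write":
            dropped.add(d)
            if STARTUP_DIR in d:
                hits.add(SIG_STARTUP)
        elif kind == "proc_create" and d in dropped:
            # Only fires for an image that this run wrote to disk earlier.
            hits.add(SIG_EXEC_DROPPED)
        elif kind == "net_connect":
            host, _, port = detail.rpartition(":")
            host, port = host.lower(), int(port)
            if host in IP_LOOKUP_HOSTS:
                hits.add(SIG_EXT_IP)
            if port in SMTP_PORTS:
                smtp_peers.append((host, port))
    return hits, smtp_peers


def matches_report_config(smtp_peers, host="smtp.gmail.com", port=587):
    """True if the run contacted the SMTP endpoint extracted in the report."""
    return (host.lower(), port) in smtp_peers


if __name__ == "__main__":
    hits, peers = analyse(SAMPLE_EVENTS)
    for name in sorted(hits):
        print("[+]", name)
    print("SMTP peers:", peers, "report config:", matches_report_config(peers))
```

Two details matter when turning this into a production rule. The extracted host is written `Smtp.gmail.com`; DNS names are case-insensitive, so normalise before comparing or the indicator silently misses. And the SMTP credentials are the attacker's drop-box account, not a victim's: the useful detection is an unexpected process opening port 587 to a public mail provider, which is what the network rule above keys on.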

MITRE ATT&CK Enterprise v15

Tasks