4fbf18b6a18e36a57ef07e398330495fae45e7ecea2f7b1ba4d5bc1c10e87146 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

79535538c605b530668cd9e15304ac79
Size

296KB
Sample

240127-fjzt7afbgk
MD5

79535538c605b530668cd9e15304ac79
SHA1

0fa9798e0aa00cbdfcf436bd6b3f95c4d664e6d1
SHA256

4fbf18b6a18e36a57ef07e398330495fae45e7ecea2f7b1ba4d5bc1c10e87146
SHA512

b231500a2161372c17dfcd1247195bdcc262f4dbecfd236f462a6cf519e392d26f33487c57957e58b3fd18a0f320dd2c86259bec384ea140edaa102f17930d59
SSDEEP

3072:qePgCctxGv4QcU9KQ2BBA2waPxhtmolHbjRYM5p:OCctxGsWKQ2Bx5xvjHF

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost12.com
Port:
21
Username:
b12_8082975
Password:
951753zx

Targets

- Target
  
  79535538c605b530668cd9e15304ac79
- Size
  
  296KB
- MD5
  
  79535538c605b530668cd9e15304ac79
- SHA1
  
  0fa9798e0aa00cbdfcf436bd6b3f95c4d664e6d1
- SHA256
  
  4fbf18b6a18e36a57ef07e398330495fae45e7ecea2f7b1ba4d5bc1c10e87146
- SHA512
  
  b231500a2161372c17dfcd1247195bdcc262f4dbecfd236f462a6cf519e392d26f33487c57957e58b3fd18a0f320dd2c86259bec384ea140edaa102f17930d59
- SSDEEP
  
  3072:qePgCctxGv4QcU9KQ2BBA2waPxhtmolHbjRYM5p:OCctxGsWKQ2Bx5xvjHF
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2