General

  • Target

    ab4b96a4b0ee9d31f091d6219f0a384a

  • Size

    220KB

  • Sample

    240228-hxcmxsdh6y

  • MD5

    ab4b96a4b0ee9d31f091d6219f0a384a

  • SHA1

    2c1f1a745ce186c3a2bbaff4c06942c0e98895c6

  • SHA256

    46b35e7623fa43defbd0812f79ec8d4200632841b7d26d8650f350ee6e822236

  • SHA512

    62473f02b3e2983b89a3de866e95b25b5d4de15c7c37333d22df6f4f5cf2a28b8254c83b07065010fb320cf3096ad1a13e0a0b6ced6c23eb0fa30648cf47f503

  • SSDEEP

    3072:VfVLWlTTbEGe9AJKlCvIUZqoWJnt5bdLFx:RVqdT3GcQ4TajHx

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.byethost6.com
  • Port:
    21
  • Username:
    b6_9261312
  • Password:
    741852

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks