02f54c5ffde68cf7932537839ba31f0d825de18e2e472543f0db409c622b7557 | Triage

Sharing

General

Target

02f54c5ffde68cf7932537839ba31f0d825de18e2e472543f0db409c622b7557
Size

216KB
Sample

240305-vrg2nsch72
MD5

f3adc6a2dfd5da230cbf44d3b7b7fe61
SHA1

c92fe5a63149edcc306423ec1aeaf58a7997d7f3
SHA256

02f54c5ffde68cf7932537839ba31f0d825de18e2e472543f0db409c622b7557
SHA512

b3e3caa2dfea6b074c6a04d3afa7b4aead26c94a6079cce4ce1fe38de056eef7bcecd04bedb02ef5b53649a44b5739c7f909496905883a32f87e158401006596
SSDEEP

3072:HePgHctxGv4QcU9KQ2BBA2waPxVtmolhK1r:THctxGsWKQ2Bx5xjt8r

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost12.com
Port:
21
Username:
b12_8082975
Password:
951753zx

Targets

- Target
  
  02f54c5ffde68cf7932537839ba31f0d825de18e2e472543f0db409c622b7557
- Size
  
  216KB
- MD5
  
  f3adc6a2dfd5da230cbf44d3b7b7fe61
- SHA1
  
  c92fe5a63149edcc306423ec1aeaf58a7997d7f3
- SHA256
  
  02f54c5ffde68cf7932537839ba31f0d825de18e2e472543f0db409c622b7557
- SHA512
  
  b3e3caa2dfea6b074c6a04d3afa7b4aead26c94a6079cce4ce1fe38de056eef7bcecd04bedb02ef5b53649a44b5739c7f909496905883a32f87e158401006596
- SSDEEP
  
  3072:HePgHctxGv4QcU9KQ2BBA2waPxVtmolhK1r:THctxGsWKQ2Bx5xjt8r
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2