aae91b6bd7e8f0e4cdcda00b1c0a91566cd69d51de73532dd1c3ca88d0330b09 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aae91b6bd7e8f0e4cdcda00b1c0a91566cd69d51de73532dd1c3ca88d0330b09
Size

241KB
Sample

240425-b7c8wadb24
MD5

0b200044e77a37eda9a59f741be1e13c
SHA1

62cc572946e0a92c0f011263106213fdc9e60188
SHA256

aae91b6bd7e8f0e4cdcda00b1c0a91566cd69d51de73532dd1c3ca88d0330b09
SHA512

17f08739e6d85e32c7c8d6571d1f06316573a97809e87c7981e8e50444b921828f339533d6e9cbf25dbb910fb30b8147b8baba475f87065845fa1c31624ffbde
SSDEEP

1536:PXs9wrnUh4d7ygVpn0uv77P11gqu87qhofg/dBWpb:PXYw4+dGgLn0sP11gqGofg1C

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.alizametal.com.tr
Port:
21
Username:
alizametal.com.tr
Password:
hd611

Targets

- Target
  
  aae91b6bd7e8f0e4cdcda00b1c0a91566cd69d51de73532dd1c3ca88d0330b09
- Size
  
  241KB
- MD5
  
  0b200044e77a37eda9a59f741be1e13c
- SHA1
  
  62cc572946e0a92c0f011263106213fdc9e60188
- SHA256
  
  aae91b6bd7e8f0e4cdcda00b1c0a91566cd69d51de73532dd1c3ca88d0330b09
- SHA512
  
  17f08739e6d85e32c7c8d6571d1f06316573a97809e87c7981e8e50444b921828f339533d6e9cbf25dbb910fb30b8147b8baba475f87065845fa1c31624ffbde
- SSDEEP
  
  1536:PXs9wrnUh4d7ygVpn0uv77P11gqu87qhofg/dBWpb:PXYw4+dGgLn0sP11gqGofg1C
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2