General

  • Target

    243dffd7739440f122679209b4faf652d26c434c916da9043b97878ed3d05dc3

  • Size

    2.4MB

  • Sample

    240517-ycws3afe63

  • MD5

    822dfe368ce65acae6da909b9f0a5ba2

  • SHA1

    c03baff4fc30a1574a94fa2f641b4300a7397444

  • SHA256

    243dffd7739440f122679209b4faf652d26c434c916da9043b97878ed3d05dc3

  • SHA512

    c4adc0975802bbcea92fd9126d4548a443318e5948fbca2ec74e891b96e9710e3969bcb621e203d32c71e7f51f549540b5dac4f5efaf8d02379a7712be31bc19

  • SSDEEP

    49152:XTHcvLQUbmVoJ6WOCjIHS3gICoSQH4W3g/qM8B1Ps/F7O:XT8ruoJ6MHdHj3g/2b0N7

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    framework.pcsoft.fr
  • Port:
    21
  • Username:
    framework
  • Password:
    framework

Targets

    Score
    10/10
    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks