f50e7e7ed484a30f7eb151305380114c47d71e0a7c8719b221f7ca38c57ffd8f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f50e7e7ed484a30f7eb151305380114c47d71e0a7c8719b221f7ca38c57ffd8f
Size

3.1MB
Sample

240703-fft5jasckk
MD5

d0ac810a582dbccb29bbb2a23e5e5064
SHA1

3ee8e8ab18de5a9f52e5770006bdb0a79e66ff52
SHA256

f50e7e7ed484a30f7eb151305380114c47d71e0a7c8719b221f7ca38c57ffd8f
SHA512

5c150be1be1f86eac355cf455d6958dba5dbc4fcbcff8dd5cd9c6da25e929912964f604c1a98bc6b8a464da651e1cbb000b1b9883535b8f21185bb0fd213a4dd
SSDEEP

49152:6vVoh9ph1zA2Mr81j84MVVoh9ph1HH6FBklHxMf7d:cuJ1k2M94MVuJ1HaTklHxMfp

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
framework.pcsoft.fr
Port:
21
Username:
framework
Password:
framework

Targets

- Target
  
  f50e7e7ed484a30f7eb151305380114c47d71e0a7c8719b221f7ca38c57ffd8f
- Size
  
  3.1MB
- MD5
  
  d0ac810a582dbccb29bbb2a23e5e5064
- SHA1
  
  3ee8e8ab18de5a9f52e5770006bdb0a79e66ff52
- SHA256
  
  f50e7e7ed484a30f7eb151305380114c47d71e0a7c8719b221f7ca38c57ffd8f
- SHA512
  
  5c150be1be1f86eac355cf455d6958dba5dbc4fcbcff8dd5cd9c6da25e929912964f604c1a98bc6b8a464da651e1cbb000b1b9883535b8f21185bb0fd213a4dd
- SSDEEP
  
  49152:6vVoh9ph1zA2Mr81j84MVVoh9ph1HH6FBklHxMf7d:cuJ1k2M94MVuJ1HaTklHxMfp
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2