67423d1fb9834094b62c66681b6284753f64b40b159494293362589e10bb896d

Sharing

Copy URL

Twitter E-mail

General

Target

c02798b26bdaf8e27c1c48ef5de4b2c3.bin
Size

463KB
Sample

240727-ebd23svglm
MD5

a168e3c23a017a3f10b6d9d55cd99d26
SHA1

f7a83c30d09f95aed00c79da0583dba19e95be65
SHA256

67423d1fb9834094b62c66681b6284753f64b40b159494293362589e10bb896d
SHA512

b6d5e15cd7f512f18c0f429a40adb652250e42c2d9d865b1851960defa4e9b82051562ca8452278bba89cbe67a3c99e80b6175344960bf8765bef7ab93f0517a
SSDEEP

12288:kkV9HCAA9aRFdfyLSzDrIoIWpyixR2KMnMIz/+v:kWCbcXdISuNaMnP7I

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mx.redinbox.org
Port:
587
Username:
[email protected]
Password:
20100813125554samvu

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.com
Port:
587
Username:
[email protected]
Password:
CaKewalk1!

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.net
Port:
587
Username:
[email protected]
Password:
goombas

Extracted

Credentials

Protocol: smtp
Host:
winer.com.br
Port:
587
Username:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.sakai.zaq.ne.jp
Port:
587
Username:
[email protected]
Password:
rlaehgus5842

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontier.com
Port:
587
Username:
[email protected]
Password:
horses4902

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.net
Port:
587
Username:
[email protected]
Password:
ou8122!

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontiernet.net
Port:
587
Username:
[email protected]
Password:
Srt4dodge$

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.net
Port:
587
Username:
[email protected]
Password:
superman

Extracted

Credentials

Protocol: smtp
Host:
mail.activecars.co.uk
Port:
587
Username:
[email protected]
Password:
paynio

Extracted

Credentials

Protocol: smtp
Host:
mx.gfgfgf.org
Port:
587
Username:
[email protected]
Password:
R7lmrwrf

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.net
Port:
587
Username:
[email protected]
Password:
Rum2486

Extracted

Credentials

Protocol: smtp
Host:
smtp.nifty.com
Port:
587
Username:
[email protected]
Password:
48521122

Extracted

Credentials

Protocol: smtp
Host:
smtp.mybluelight.com
Port:
587
Username:
[email protected]
Password:
sparky

Targets

- Target
  
  af41b9ac95c32686ba1ef373929b54f49088e5c4f295fe828b43b32b5160aa78.exe
- Size
  
  898KB
- MD5
  
  c02798b26bdaf8e27c1c48ef5de4b2c3
- SHA1
  
  bc59ab8827e13d1a9a1892eb4da9cf2d7d62a615
- SHA256
  
  af41b9ac95c32686ba1ef373929b54f49088e5c4f295fe828b43b32b5160aa78
- SHA512
  
  b541aeedcc4db6f8e0db0788f2791339476a863c15efc72aef3db916fc7c8ab41d84c0546c05b675be4d7700c4f986dbae5e2858d60ecd44b4ffbcae2065cfc4
- SSDEEP
  
  24576:juDXTIGaPhEYzUzA0aouDXTIGaPhEYzUzA0br:KDjlabwz9MDjlabwz93
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2