9879d7c390b8fb017c2febb85498d22f9b8de5579db6fc27cb942e5a9ee10fb9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e7609edb6ab6c4bef841d2375323c6d4.zip
Size

48KB
Sample

240903-f9v9pazcka
MD5

023b8331f67512882a04606de2912781
SHA1

b9edb7d69fa17ba96e3e484895bc9b4a844486e3
SHA256

9879d7c390b8fb017c2febb85498d22f9b8de5579db6fc27cb942e5a9ee10fb9
SHA512

820b912c4134075e3d62204b927515730f8ed885b2a6f6d0fd895e7192521afc8ea6e66b73edbe29f947f748574e2017f2df6c1eccda41462df1f2158e7a9136
SSDEEP

1536:tHQCtfzIdZvXfJMQisApOwTKq+945fvD0dgv:tHXrIdpXhMAApZTPU4KO

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.ueuo.com
Port:
21
Username:
googgle.ueuo.com
Password:
741852

Extracted

Credentials

Protocol: ftp
Host:
ftp.alizametal.com.tr
Port:
21
Username:
alizametal.com.tr
Password:
hd611

Targets

- Target
  
  41fc692d016b8ab749e38364a67897f316072604fac8b476b07ac4d2ca734cc8
- Size
  
  358KB
- MD5
  
  e7609edb6ab6c4bef841d2375323c6d4
- SHA1
  
  b2cda04fe3d6559348c626f58eb491385f177d51
- SHA256
  
  41fc692d016b8ab749e38364a67897f316072604fac8b476b07ac4d2ca734cc8
- SHA512
  
  5c1c09127f2620d71b3e4222d504103b99289e07bbd2d869943aa35050f2f3fb833421835e7507376b995806c2e38fecb1ad80f26636c06307c4c192ee9e353d
- SSDEEP
  
  1536:EXscdri741fT/dQVJnsuv77P1Vg6u8jSZofgzd8MUp:EXpdr1f5QrnssP1Vg6eofgJ2
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2