5fd8dde032555c51bc3b004827b3649985d5054629f58feb6eaa23ecb2fdfaaa | Triage

Sharing

General

Target

5fd8dde032555c51bc3b004827b3649985d5054629f58feb6eaa23ecb2fdfaaa
Size

176KB
Sample

240919-ghbxeatdle
MD5

eab1ce186838ed5307b66edea2408a6c
SHA1

34642bef3ab1dc959e78f7a5e9e20195e1c36590
SHA256

5fd8dde032555c51bc3b004827b3649985d5054629f58feb6eaa23ecb2fdfaaa
SHA512

e34baa66d97fbc654cb79c394f162b607f955665d44f0acb6e3d685bf401a546d8a7049d10a85339620ff7971ac62cb291b406c94df680b6daa3f8399c23c257
SSDEEP

3072:gQ8Ioy6rIHuCPi19X9SOlFXEhpxgFfuapPh+FsdYetaK:W7/gi19NxFXNFfuapPh+sdY1K

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
framework.pcsoft.fr
Port:
21
Username:
framework
Password:
framework

Targets

- Target
  
  5fd8dde032555c51bc3b004827b3649985d5054629f58feb6eaa23ecb2fdfaaa
- Size
  
  176KB
- MD5
  
  eab1ce186838ed5307b66edea2408a6c
- SHA1
  
  34642bef3ab1dc959e78f7a5e9e20195e1c36590
- SHA256
  
  5fd8dde032555c51bc3b004827b3649985d5054629f58feb6eaa23ecb2fdfaaa
- SHA512
  
  e34baa66d97fbc654cb79c394f162b607f955665d44f0acb6e3d685bf401a546d8a7049d10a85339620ff7971ac62cb291b406c94df680b6daa3f8399c23c257
- SSDEEP
  
  3072:gQ8Ioy6rIHuCPi19X9SOlFXEhpxgFfuapPh+FsdYetaK:W7/gi19NxFXNFfuapPh+sdY1K
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2