General

  • Target

    54.exe

  • Size

    126.9MB

  • Sample

    241122-b13vys1phs

  • MD5

    0e1b39c6dcca033d56408b25ec73a34c

  • SHA1

    bdf1f4f39f9e26b6eb2826c75a5e612ea81bacdd

  • SHA256

    981db65a918db89fba166dc5b9063d873ca4a2528cf9d56e8bf893fd53b98ba0

  • SHA512

    b6ff681e36faff90768309d2f12a8607789660c77addacd88bf203e32555c66912ad7ef0e2329931962db62119ba33d9fb24983c8f82b34e18d73d9e4e080fa6

  • SSDEEP

    3145728:GWrAYlpzUwzgWH8/KtNTiQxgMon0xzRkwYZ1KWQ:8YlhUjWH8CvTgMlSo

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    65.21.198.54
  • Port:
    21
  • Username:
    admin2
  • Password:
    hb..123456
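The hash list under General and the extracted FTP credentials above are the report's indicators of compromise. The following Python is an added triage example, not part of the sandbox report: it verifies a local file against the report's four digests in one pass and flags the extracted FTP host, port and username in an FTP control-channel log. The log format and every log line are constructed for the example; the hostname and timestamps in them are not from the report.

```python
"""Added triage helpers for the 54.exe report (example code, not the report's own).

- hash_file / match_hashes: compare a file on disk with the published digests.
- scan_ftp_log: flag client commands to the extracted FTP drop host.
"""
import hashlib
import re
import sys

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "0e1b39c6dcca033d56408b25ec73a34c",
    "sha1": "bdf1f4f39f9e26b6eb2826c75a5e612ea81bacdd",
    "sha256": "981db65a918db89fba166dc5b9063d873ca4a2528cf9d56e8bf893fd53b98ba0",
    "sha512": "b6ff681e36faff90768309d2f12a8607789660c77addacd88bf203e32555c66912ad7ef0e2329931962db62119ba33d9fb24983c8f82b34e18d73d9e4e080fa6",
}
IOC_FTP = {"host": "65.21.198.54", "port": 21, "username": "admin2"}


def hash_file(path, chunk_size=1 << 20):
    """Compute all four digests in a single read of the file (the sample is 126.9MB,
    so reading it once per algorithm would be wasteful)."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests):
    """Return the sorted list of algorithms whose digest equals the report's IOC."""
    return sorted(name for name, value in digests.items()
                  if IOC_HASHES.get(name) == value.lower())


# Constructed log format (assumption, not a real sensor's format):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <C|S>: <command> [args]
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>[CS]): (?P<cmd>\S+)(?: (?P<arg>.*))?$"
)

# Constructed sample traffic for the example; not captured from the sample.
SAMPLE_LOG = [
    "2024-11-22T01:13:05Z 10.0.0.5:49812 -> 65.21.198.54:21 S: 220 FTP server ready",
    "2024-11-22T01:13:05Z 10.0.0.5:49812 -> 65.21.198.54:21 C: USER admin2",
    "2024-11-22T01:13:05Z 10.0.0.5:49812 -> 65.21.198.54:21 C: PASS [redacted]",
    "2024-11-22T01:13:06Z 10.0.0.5:49812 -> 65.21.198.54:21 C: STOR DESKTOP-3F2A9K_2024-11-22.zip",
    "2024-11-22T01:14:10Z 10.0.0.7:50133 -> 203.0.113.9:21 C: USER anonymous",
]


def scan_ftp_log(lines):
    """Flag client commands sent to the extracted host/port. A USER command with the
    extracted username is a high-confidence hit; any other command to that endpoint
    is medium. Arguments are deliberately not copied into findings so a captured
    PASS line never ends up in an alert."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["dir"] != "C":
            continue
        if m["dst"] != IOC_FTP["host"] or int(m["dport"]) != IOC_FTP["port"]:
            continue
        if m["cmd"] == "USER" and (m["arg"] or "") == IOC_FTP["username"]:
            severity = "high"
        else:
            severity = "medium"
        findings.append({"ts": m["ts"], "src": m["src"],
                         "cmd": m["cmd"], "severity": severity})
    return findings


if __name__ == "__main__":
    # Usage: python triage.py [file ...]  (paths are optional; the log scan always runs)
    for path in sys.argv[1:]:
        print(path, "matches:", match_hashes(hash_file(path)) or "none")
    for finding in scan_ftp_log(SAMPLE_LOG):
        print(finding)
```

A match on any one of the four digests is sufficient to identify the file; the SSDEEP value in the report is a fuzzy hash and is not a literal string to compare, so it is left out here.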

Targets

    • Target

      54.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Checks system information in the registry

      System information is often read in order to detect sandbox environments.

MITRE ATT&CK Enterprise v15