f2207b746d6f3a6b86cea6da1664b0e42a242fa533ad763e58a9796b0c5a1c63 | Triage

Sharing

General

Target

f2207b746d6f3a6b86cea6da1664b0e42a242fa533ad763e58a9796b0c5a1c63.exe
Size

204KB
Sample

241122-mmj2gaypez
MD5

add03bc49b99d11338613001c707e422
SHA1

ddf346beed47b821cc6f05f71c8144204d9b35c6
SHA256

f2207b746d6f3a6b86cea6da1664b0e42a242fa533ad763e58a9796b0c5a1c63
SHA512

f4d19d8d13f8cf9e3c53630434d8693090a9dded497f3129f0c6f20a6cbe474d289fa3de383680c3cd57ccbdea1d13f08507f17b06598cd99d6f2ef1e9c86d87
SSDEEP

1536:BSHcWgnQs8VMNvY3vy3QpTha55R8Vh2oLq4:B0cIs8mNvY63Qhha55doLq4

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.yesimcopy.com
Port:
21
Username:
yesimcopy1
Password:
825cyf

Targets

- Target
  
  f2207b746d6f3a6b86cea6da1664b0e42a242fa533ad763e58a9796b0c5a1c63.exe
- Size
  
  204KB
- MD5
  
  add03bc49b99d11338613001c707e422
- SHA1
  
  ddf346beed47b821cc6f05f71c8144204d9b35c6
- SHA256
  
  f2207b746d6f3a6b86cea6da1664b0e42a242fa533ad763e58a9796b0c5a1c63
- SHA512
  
  f4d19d8d13f8cf9e3c53630434d8693090a9dded497f3129f0c6f20a6cbe474d289fa3de383680c3cd57ccbdea1d13f08507f17b06598cd99d6f2ef1e9c86d87
- SSDEEP
  
  1536:BSHcWgnQs8VMNvY3vy3QpTha55R8Vh2oLq4:B0cIs8mNvY63Qhha55doLq4
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2