029713c7f9069ae55ce1f51566631c74088f3d613995d4a808d48ad9e7aba4c3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

029713c7f9069ae55ce1f51566631c74088f3d613995d4a808d48ad9e7aba4c3
Size

35KB
Sample

220919-112ekaehfp
MD5

f8873e183f17f282d920778611b49e44
SHA1

2c740f268efa3a936dd9155be92e7949450ebdc7
SHA256

029713c7f9069ae55ce1f51566631c74088f3d613995d4a808d48ad9e7aba4c3
SHA512

f67714366e0d3fea743ad4776b75798ddf1904d7f7818e7c1f8c4422dfbde7d6f9e4926f45b35bf5c039e3c51b86f49ad1ea1667f9da630f75d02797f6e8a508
SSDEEP

768:cflivXrVKpVhKvtxwYHwVFoeAQJmucwUrw:ylqrVKprVuQJcw

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  029713c7f9069ae55ce1f51566631c74088f3d613995d4a808d48ad9e7aba4c3
- Size
  
  35KB
- MD5
  
  f8873e183f17f282d920778611b49e44
- SHA1
  
  2c740f268efa3a936dd9155be92e7949450ebdc7
- SHA256
  
  029713c7f9069ae55ce1f51566631c74088f3d613995d4a808d48ad9e7aba4c3
- SHA512
  
  f67714366e0d3fea743ad4776b75798ddf1904d7f7818e7c1f8c4422dfbde7d6f9e4926f45b35bf5c039e3c51b86f49ad1ea1667f9da630f75d02797f6e8a508
- SSDEEP
  
  768:cflivXrVKpVhKvtxwYHwVFoeAQJmucwUrw:ylqrVKprVuQJcw
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2