4cc2fe5cf26e4014b751ee04874e6ecd6b9dcb275dbd66217807091fb344c790 | Triage

Sharing

General

Target

4cc2fe5cf26e4014b751ee04874e6ecd6b9dcb275dbd66217807091fb344c790
Size

146KB
Sample

220919-1wcweaefej
MD5

5f99010ee174b047e5ef12d161ed4990
SHA1

5fc9b56bc75277ea3cbc813c65d6a4ececca50c3
SHA256

4cc2fe5cf26e4014b751ee04874e6ecd6b9dcb275dbd66217807091fb344c790
SHA512

030b3df54a8d881a490ee3a7b208a2690eb1bb2392a295f6cca808cf7661c2ef7abd4320a81b1bed3dd3f465590ee8f7bea9b2493ca171a381ca6e101d49d730
SSDEEP

768:rzQYScGrIubHuYtvdxwYHw5FAe2Q1ncwxP:PQTIubHy5wQ1j

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  4cc2fe5cf26e4014b751ee04874e6ecd6b9dcb275dbd66217807091fb344c790
- Size
  
  146KB
- MD5
  
  5f99010ee174b047e5ef12d161ed4990
- SHA1
  
  5fc9b56bc75277ea3cbc813c65d6a4ececca50c3
- SHA256
  
  4cc2fe5cf26e4014b751ee04874e6ecd6b9dcb275dbd66217807091fb344c790
- SHA512
  
  030b3df54a8d881a490ee3a7b208a2690eb1bb2392a295f6cca808cf7661c2ef7abd4320a81b1bed3dd3f465590ee8f7bea9b2493ca171a381ca6e101d49d730
- SSDEEP
  
  768:rzQYScGrIubHuYtvdxwYHw5FAe2Q1ncwxP:PQTIubHy5wQ1j
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2