4c19e4317382ee99a410b6e801bd09839d636ef82d839dd4a529921c73d4bb6b | Triage

Sharing

General

Target

4c19e4317382ee99a410b6e801bd09839d636ef82d839dd4a529921c73d4bb6b
Size

103KB
Sample

220919-1wpvzabbb9
MD5

67ddd354e473afa2e7b4d2d2c358ad03
SHA1

d904181544475fa14e8621f5871e9693bc424781
SHA256

4c19e4317382ee99a410b6e801bd09839d636ef82d839dd4a529921c73d4bb6b
SHA512

f7d0b2d473cb29ea7b67633ce470d5ebb2628c87a082b6c74a578db2cd4fb84efbde61d5803ee2db2b0182ca36db381d07e75514d276a3745f52d04510846067
SSDEEP

768:LzQYScGrIubHuYtvdxwYHw5FAe2QwncwxN:vQTIubHy5wQwx

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  4c19e4317382ee99a410b6e801bd09839d636ef82d839dd4a529921c73d4bb6b
- Size
  
  103KB
- MD5
  
  67ddd354e473afa2e7b4d2d2c358ad03
- SHA1
  
  d904181544475fa14e8621f5871e9693bc424781
- SHA256
  
  4c19e4317382ee99a410b6e801bd09839d636ef82d839dd4a529921c73d4bb6b
- SHA512
  
  f7d0b2d473cb29ea7b67633ce470d5ebb2628c87a082b6c74a578db2cd4fb84efbde61d5803ee2db2b0182ca36db381d07e75514d276a3745f52d04510846067
- SSDEEP
  
  768:LzQYScGrIubHuYtvdxwYHw5FAe2QwncwxN:vQTIubHy5wQwx
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2