ef266d897d5100f776ddd682e57afea95a69d93b1f7febebbb271a3039c89785 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef266d897d5100f776ddd682e57afea95a69d93b1f7febebbb271a3039c89785
Size

35KB
Sample

221107-khak5agbg4
MD5

0e95f869836d51b7321f327b87d56970
SHA1

2287f0d90b1e441e1494fd69da80e5292e05216f
SHA256

ef266d897d5100f776ddd682e57afea95a69d93b1f7febebbb271a3039c89785
SHA512

7e829edc7a2347d5dda5a24c9271a3d85ebe2a17c721785751ca6aeebf667d98f904bf0e7034796c3d208e033d1b5a7d008050edf97130fe7be53f55f23c043c
SSDEEP

768:YflivXrVKpVhKvtxwYHwVFoeAQTmucwUI:ulqrVKprVuQTP

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  ef266d897d5100f776ddd682e57afea95a69d93b1f7febebbb271a3039c89785
- Size
  
  35KB
- MD5
  
  0e95f869836d51b7321f327b87d56970
- SHA1
  
  2287f0d90b1e441e1494fd69da80e5292e05216f
- SHA256
  
  ef266d897d5100f776ddd682e57afea95a69d93b1f7febebbb271a3039c89785
- SHA512
  
  7e829edc7a2347d5dda5a24c9271a3d85ebe2a17c721785751ca6aeebf667d98f904bf0e7034796c3d208e033d1b5a7d008050edf97130fe7be53f55f23c043c
- SSDEEP
  
  768:YflivXrVKpVhKvtxwYHwVFoeAQTmucwUI:ulqrVKprVuQTP
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2