General
-
Target
7a13fc81dae9c4c5f36ef12ba1fde7bf89f650459ac138a65627e61baa4b42d4
-
Size
208KB
-
Sample
221123-tcnp8sdf76
-
MD5
43c9c2b3c500429bef22b1146e30256e
-
SHA1
a6cd74d9a5dad69c64233c2148c962de02107d6b
-
SHA256
7a13fc81dae9c4c5f36ef12ba1fde7bf89f650459ac138a65627e61baa4b42d4
-
SHA512
b773d83c46f3af89c7f32a826718684499060b520a3d63ed7db77796c77b27827ba81c8eba76c7a869dcb2ce1e6fc3fa0a2794f87f9d862b4817547886e38702
-
SSDEEP
3072:IVHgCc4xGvbwcU9KQ2BBAHmaPxNVoeb5Eu:VCc4xGxWKQ2Bonx5
Static task
static1
Behavioral task
behavioral1
Sample
7a13fc81dae9c4c5f36ef12ba1fde7bf89f650459ac138a65627e61baa4b42d4.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
7a13fc81dae9c4c5f36ef12ba1fde7bf89f650459ac138a65627e61baa4b42d4.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.byethost12.com
Port: 21
Username: b12_8082975
Password: 951753zx
Targets
Target
7a13fc81dae9c4c5f36ef12ba1fde7bf89f650459ac138a65627e61baa4b42d4
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-