General
Target: f1e664c4ed84ebfc0f469d0dfea292e625bb7dac918ccc1c22999a491c3ad48b
Size: 309KB
Sample: 221124-axnq7afe75
MD5: 28b756da4ec47d7f90ffbb6e8dbdbcad
SHA1: 3b87ed6418476d592db6f57651a75d6862841da7
SHA256: f1e664c4ed84ebfc0f469d0dfea292e625bb7dac918ccc1c22999a491c3ad48b
SHA512: ebfd6422681cf08d11c7a34eaa6038cb680308309747e65579b668e0ddb16289d01700bcd7f3e247a28a2cf3383696264e14d57b672acc41fa3317ecfb71e268
SSDEEP: 3072:+VHgCc4xGvbwcU9KQ2BBAHmaPx0VoIb5E+:fCc4xGxWKQ2Bonxs
Static task: static1
Behavioral task: behavioral1
Sample: f1e664c4ed84ebfc0f469d0dfea292e625bb7dac918ccc1c22999a491c3ad48b.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: f1e664c4ed84ebfc0f469d0dfea292e625bb7dac918ccc1c22999a491c3ad48b.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.byethost12.com
Port: 21
Username: b12_8082975
Password: 951753zx
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: onthelinux
Password: 741852abc
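The two extracted FTP credential sets are the sample's exfiltration channel, and because FTP sends USER and PASS in cleartext on port 21 they are directly usable as network indicators. The following Python is an added example, not part of the report or of the sandbox tooling: it parses the Extracted blocks exactly as they are rendered on this page into structured IOCs, emits one Suricata rule per account keyed on the FTP USER command, and runs the same check over a constructed FTP command sequence. The rule sids and the sample command lines are assumptions chosen for the example.

```python
"""Turn the report's extracted FTP config into structured IOCs and detections.

Added example, not report or sandbox code. REPORT_CONFIG is the Extracted
text copied verbatim from the page (including its 'Key: value - Key:' line
layout); sid numbers and SAMPLE_FTP_COMMANDS are assumptions.
"""
import re

# The two "Extracted" blocks, copied as the page renders them.
REPORT_CONFIG = """\
Extracted
Protocol: ftp- Host:
ftp.byethost12.com - Port:
21 - Username:
b12_8082975 - Password:
951753zx
Extracted
Protocol: ftp- Host:
ftp.tripod.com - Port:
21 - Username:
onthelinux - Password:
741852abc
"""

# 'Key: value' pairs separated by ' - '; the lookahead stops a value only at
# a following '- Key:' or end of text, so hostnames containing '-' survive.
FIELD_RE = re.compile(r"(\w+):\s*(.+?)(?=\s*-\s+\w+:|$)")


def parse_extracted(text):
    """Return one dict (protocol, host, port, username, password) per block."""
    configs = []
    for chunk in text.split("Extracted")[1:]:
        # Line breaks fall in arbitrary places on the page; collapse them first.
        flat = " ".join(chunk.split())
        fields = {key.lower(): value for key, value in FIELD_RE.findall(flat)}
        fields["port"] = int(fields["port"])
        configs.append(fields)
    return configs


def suricata_rules(configs, base_sid=9000001):
    """One rule per credential: match the cleartext FTP USER command.

    base_sid is a placeholder; pick a sid range reserved for local rules.
    """
    rules = []
    for offset, cfg in enumerate(configs):
        rules.append(
            f'alert tcp $HOME_NET any -> any {cfg["port"]} '
            f'(msg:"FTP exfil login {cfg["username"]} to {cfg["host"]}"; '
            f'flow:established,to_server; '
            f'content:"USER {cfg["username"]}|0d 0a|"; '
            f'sid:{base_sid + offset}; rev:1;)'
        )
    return rules


def match_ftp_logins(commands, configs):
    """Given decoded FTP control-channel commands, return the exfil host for
    every USER command that names one of the extracted accounts."""
    by_user = {cfg["username"]: cfg for cfg in configs}
    hits = []
    for line in commands:
        verb, _, argument = line.strip().partition(" ")
        if verb.upper() == "USER" and argument in by_user:
            hits.append(by_user[argument]["host"])
    return hits


# Constructed FTP command sequence for the demonstration; not from the report.
SAMPLE_FTP_COMMANDS = [
    "USER anonymous",
    "PASS guest@",
    "USER b12_8082975",
    "PASS 951753zx",
]

if __name__ == "__main__":
    configs = parse_extracted(REPORT_CONFIG)
    for rule in suricata_rules(configs):
        print(rule)
    print("matched exfil hosts:", match_ftp_logins(SAMPLE_FTP_COMMANDS, configs))
```

Matching on USER rather than PASS keeps the rule free of the password itself, and the `flow:established,to_server` constraint limits it to client-side traffic on the control channel.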
Targets
Target: f1e664c4ed84ebfc0f469d0dfea292e625bb7dac918ccc1c22999a491c3ad48b
Size: 309KB
MD5: 28b756da4ec47d7f90ffbb6e8dbdbcad
SHA1: 3b87ed6418476d592db6f57651a75d6862841da7
SHA256: f1e664c4ed84ebfc0f469d0dfea292e625bb7dac918ccc1c22999a491c3ad48b
SHA512: ebfd6422681cf08d11c7a34eaa6038cb680308309747e65579b668e0ddb16289d01700bcd7f3e247a28a2cf3383696264e14d57b672acc41fa3317ecfb71e268
SSDEEP: 3072:+VHgCc4xGvbwcU9KQ2BBAHmaPx0VoIb5E+:fCc4xGxWKQ2Bonxs
Score: 10/10
Executes dropped EXE
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Loads dropped DLL
Adds Run key to start application