General
-
Target
89dc7f9bbc4a0a041f15b7ad6f67df12e9ff8555e3f34be3c29d5b4dcd720537
-
Size
270KB
-
Sample
221124-axvvhafe84
-
MD5
274a75731edc8dd17cac8824c7cfdc10
-
SHA1
305a8c443a4109731d659db046c9e99f40d31db0
-
SHA256
89dc7f9bbc4a0a041f15b7ad6f67df12e9ff8555e3f34be3c29d5b4dcd720537
-
SHA512
5bcd72f3e9a4cd5972f8609d41ee2212f72970e1633ce8e0214c246c34c97179f0c18342add20149223cc6bd0afedf8d6c89ae7dd24f50db3e344f577467b112
-
SSDEEP
3072:853mQ7JtnP5I09qgmBBAWgjSvwN/oSWBAYEQ3/AeohItgsk:UmKJtna2qgmBNgQwGAw/SItg/
Static task
static1
Behavioral task
behavioral1
Sample
89dc7f9bbc4a0a041f15b7ad6f67df12e9ff8555e3f34be3c29d5b4dcd720537.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
89dc7f9bbc4a0a041f15b7ad6f67df12e9ff8555e3f34be3c29d5b4dcd720537.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.tripod.com - Port:
21 - Username:
onthelinux - Password:
741852abc
Targets
-
-
Target
89dc7f9bbc4a0a041f15b7ad6f67df12e9ff8555e3f34be3c29d5b4dcd720537
-
Size
270KB
-
MD5
274a75731edc8dd17cac8824c7cfdc10
-
SHA1
305a8c443a4109731d659db046c9e99f40d31db0
-
SHA256
89dc7f9bbc4a0a041f15b7ad6f67df12e9ff8555e3f34be3c29d5b4dcd720537
-
SHA512
5bcd72f3e9a4cd5972f8609d41ee2212f72970e1633ce8e0214c246c34c97179f0c18342add20149223cc6bd0afedf8d6c89ae7dd24f50db3e344f577467b112
-
SSDEEP
3072:853mQ7JtnP5I09qgmBBAWgjSvwN/oSWBAYEQ3/AeohItgsk:UmKJtna2qgmBNgQwGAw/SItg/
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-