533f16a00d77e02b7d5a99c9e7fded1bb8764654f58aa56ef6a6979c1dc56bc4 | Triage

Sharing

General

Target

533f16a00d77e02b7d5a99c9e7fded1bb8764654f58aa56ef6a6979c1dc56bc4
Size

213KB
Sample

221124-axwf2afe85
MD5

3f83802b28a76223445ed1aee2f8cdf0
SHA1

3d68789453f1c68ea396db44b322f0c57d92d66e
SHA256

533f16a00d77e02b7d5a99c9e7fded1bb8764654f58aa56ef6a6979c1dc56bc4
SHA512

06f0114cdc4c569a7907ce4abe7190c22a138d6658c36f96446fecafde9e6b5c94fa4ac39de5490792a3636654c563ed74005ca62effb048c6e8740b91e1ff85
SSDEEP

1536:/5AiTLOQ74YDtnlN5UL09atT0mBBAragjSvIYFwAmd/olQpNuI:/53mQ7JtnP5I09qgmBBAWgjSvwN/olWT

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  533f16a00d77e02b7d5a99c9e7fded1bb8764654f58aa56ef6a6979c1dc56bc4
- Size
  
  213KB
- MD5
  
  3f83802b28a76223445ed1aee2f8cdf0
- SHA1
  
  3d68789453f1c68ea396db44b322f0c57d92d66e
- SHA256
  
  533f16a00d77e02b7d5a99c9e7fded1bb8764654f58aa56ef6a6979c1dc56bc4
- SHA512
  
  06f0114cdc4c569a7907ce4abe7190c22a138d6658c36f96446fecafde9e6b5c94fa4ac39de5490792a3636654c563ed74005ca62effb048c6e8740b91e1ff85
- SSDEEP
  
  1536:/5AiTLOQ74YDtnlN5UL09atT0mBBAragjSvIYFwAmd/olQpNuI:/53mQ7JtnP5I09qgmBBAWgjSvwN/olWT
Score

10^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2