General
-
Target
a50332a6837eb5c98c6c17f27ffd3926335533e17d8fc5ae548b7c632c7a2a35
-
Size
208KB
-
Sample
221129-ee672aga21
-
MD5
e5bbf0567a001dd9b0c3c2698963a989
-
SHA1
84be59586bec00924d075e3a96144d06472c9b7b
-
SHA256
a50332a6837eb5c98c6c17f27ffd3926335533e17d8fc5ae548b7c632c7a2a35
-
SHA512
6d21b4679f823391effa5730491a69b96959b73629d5f04cbf6098d0514cd832b4439d5fabafa9c92eda71f96e601fa2f2bca959f03ad98336c7ba07d88b0e15
-
SSDEEP
3072:1VHgCc4xGvbwcU9KQ2BBAHmaPxNVodb5Eo:oCc4xGxWKQ2BonxW
Static task
static1
Behavioral task
behavioral1
Sample
a50332a6837eb5c98c6c17f27ffd3926335533e17d8fc5ae548b7c632c7a2a35.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a50332a6837eb5c98c6c17f27ffd3926335533e17d8fc5ae548b7c632c7a2a35.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: onthelinux
Password: 741852abc
Targets
-
Target
a50332a6837eb5c98c6c17f27ffd3926335533e17d8fc5ae548b7c632c7a2a35
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-