96ef0e56a246839f80e2fd37e7b909e91e7fb7259da9eeffc4a297915142f00d | Triage

Sharing

General

Target

96ef0e56a246839f80e2fd37e7b909e91e7fb7259da9eeffc4a297915142f00d
Size

36KB
Sample

221129-fla9lsbd6z
MD5

9adab4a07b0dce16ba53ddfa6b2451d9
SHA1

1647b5447d44d9ec260b7cc58ead59c5321a1700
SHA256

96ef0e56a246839f80e2fd37e7b909e91e7fb7259da9eeffc4a297915142f00d
SHA512

5fcf6d6c646b26c52159859f0036ba4d640e25b8f2ff0d0b7b2542888c6422301bdec068f7166a3256b1d2b5e1dce080000f4c89b628cfe304493db8d9d73f9e
SSDEEP

768:zqqYMYa/TMfwvmjdZBMZXQ3Qin4e/QPhcwxeI:+qYMz2wvdivQPQI

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  96ef0e56a246839f80e2fd37e7b909e91e7fb7259da9eeffc4a297915142f00d
- Size
  
  36KB
- MD5
  
  9adab4a07b0dce16ba53ddfa6b2451d9
- SHA1
  
  1647b5447d44d9ec260b7cc58ead59c5321a1700
- SHA256
  
  96ef0e56a246839f80e2fd37e7b909e91e7fb7259da9eeffc4a297915142f00d
- SHA512
  
  5fcf6d6c646b26c52159859f0036ba4d640e25b8f2ff0d0b7b2542888c6422301bdec068f7166a3256b1d2b5e1dce080000f4c89b628cfe304493db8d9d73f9e
- SSDEEP
  
  768:zqqYMYa/TMfwvmjdZBMZXQ3Qin4e/QPhcwxeI:+qYMz2wvdivQPQI
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2