General
-
Target
7bc602c703e86e248639c08c7d32d03997340274f8526a0236de6184a04664e6
-
Size
100KB
-
Sample
221129-h33rasgc85
-
MD5
fce94f023225b6f75a24ca23baa01534
-
SHA1
83ce98a034b62332ba36871b5bcbc84db93a110b
-
SHA256
7bc602c703e86e248639c08c7d32d03997340274f8526a0236de6184a04664e6
-
SHA512
af9ba3c43c0b93725022878a3c8de191a08cf0e16abaa5769173c56eb3f2fe6b41d3ac1b95541e63e22393994cc5f72f5ccc1434d4c4d340f60ba429823d9833
-
SSDEEP
768:KhQ5Lbcp+MGOpbN5XdiAo1EXgBh04uXtle+WPi0CSlHhhItUYQzTGfL:4iLbcmUikXgPWD2BhoQk
Malware Config
Extracted
Protocol: ftp- Host:
ftp.tripod.com - Port:
21 - Username:
griptoloji - Password:
741852
Targets
-
-
Target
7bc602c703e86e248639c08c7d32d03997340274f8526a0236de6184a04664e6
-
Size
100KB
-
MD5
fce94f023225b6f75a24ca23baa01534
-
SHA1
83ce98a034b62332ba36871b5bcbc84db93a110b
-
SHA256
7bc602c703e86e248639c08c7d32d03997340274f8526a0236de6184a04664e6
-
SHA512
af9ba3c43c0b93725022878a3c8de191a08cf0e16abaa5769173c56eb3f2fe6b41d3ac1b95541e63e22393994cc5f72f5ccc1434d4c4d340f60ba429823d9833
-
SSDEEP
768:KhQ5Lbcp+MGOpbN5XdiAo1EXgBh04uXtle+WPi0CSlHhhItUYQzTGfL:4iLbcmUikXgPWD2BhoQk
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-