94635735a0e89f24ee1a1b48f30b70bd024221e4786abfc46f5f682931bdb2f3 | Triage

Sharing

General

Target

94635735a0e89f24ee1a1b48f30b70bd024221e4786abfc46f5f682931bdb2f3
Size

62KB
Sample

221201-bevbpaah87
MD5

c9aeab11434364422129922a38df8a5c
SHA1

63628a6b62e5ebc67f1e54fdb37df128becc38f3
SHA256

94635735a0e89f24ee1a1b48f30b70bd024221e4786abfc46f5f682931bdb2f3
SHA512

f6724f69232e407408eb4b4bef319d5fa0c0e2f684935757a4c3ce69578c36d4d7718b08da99e24818a4d16b453db0b471390ca037a6cf607ae994879f668dd1
SSDEEP

768:mhQ5Lbcp+MGOpbN5XdiAo1EXgBh04uXtle+WPi0CSlHhhItUYQzTGfL:UiLbcmUikXgPWD2BhoQk

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  94635735a0e89f24ee1a1b48f30b70bd024221e4786abfc46f5f682931bdb2f3
- Size
  
  62KB
- MD5
  
  c9aeab11434364422129922a38df8a5c
- SHA1
  
  63628a6b62e5ebc67f1e54fdb37df128becc38f3
- SHA256
  
  94635735a0e89f24ee1a1b48f30b70bd024221e4786abfc46f5f682931bdb2f3
- SHA512
  
  f6724f69232e407408eb4b4bef319d5fa0c0e2f684935757a4c3ce69578c36d4d7718b08da99e24818a4d16b453db0b471390ca037a6cf607ae994879f668dd1
- SSDEEP
  
  768:mhQ5Lbcp+MGOpbN5XdiAo1EXgBh04uXtle+WPi0CSlHhhItUYQzTGfL:UiLbcmUikXgPWD2BhoQk
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2