General
Target: 98bc6086cb341968dbf904fea9b948455ec602fd3d95485fb1168ca9e9c919ba
Size: 204KB
Sample: 221201-sx74yaff7v
MD5: 3f3d199a86fbba104250df020c9c8f88
SHA1: 3422a943edf1ebd84098c51ceb773117513c07ed
SHA256: 98bc6086cb341968dbf904fea9b948455ec602fd3d95485fb1168ca9e9c919ba
SHA512: 4f407b073776918745165acb0e869addbd7ce928638d9839acddaf6705a411bb61629b9e7af51caf943bad162366ce704ac177a5a07725df5ee02390a081ef51
SSDEEP: 3072:EePgCctxGv4QcU9KQ2BBA2waPxhtmol4c:ACctxGsWKQ2Bx5xvMc
Static task: static1
Behavioral task: behavioral1
Sample: 98bc6086cb341968dbf904fea9b948455ec602fd3d95485fb1168ca9e9c919ba.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 98bc6086cb341968dbf904fea9b948455ec602fd3d95485fb1168ca9e9c919ba.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.byethost12.com
Port: 21
Username: b12_8082975
Password: 951753zx
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: onthelinux
Password: 741852abc
Targets
Target: 98bc6086cb341968dbf904fea9b948455ec602fd3d95485fb1168ca9e9c919ba
Score: 10/10
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application