8232f0378be169cea3d5f33e04bcbf2ae12d884277a3b24cedb8992c31c638e3 | Triage

Sharing

General

Target

8232f0378be169cea3d5f33e04bcbf2ae12d884277a3b24cedb8992c31c638e3
Size

35KB
Sample

221203-cghw4see95
MD5

43d830f62f9ec58490f8f3fac237c053
SHA1

3fb0f1f2796d2c3e33f21c8a89d153da53bf0d72
SHA256

8232f0378be169cea3d5f33e04bcbf2ae12d884277a3b24cedb8992c31c638e3
SHA512

0c044b13a5c1aa45208bf547dfcdac9d73b688d480034ffc16814b65efd2d350dc857c24e9f8888a173ac8b97712a0a0f76de21628440ac37a04d00d06b549d5
SSDEEP

768:cflivXrVKpVhKvtxwYHwVFoeAQqmucwUvnih:ylqrVKprVuQqOn4

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  8232f0378be169cea3d5f33e04bcbf2ae12d884277a3b24cedb8992c31c638e3
- Size
  
  35KB
- MD5
  
  43d830f62f9ec58490f8f3fac237c053
- SHA1
  
  3fb0f1f2796d2c3e33f21c8a89d153da53bf0d72
- SHA256
  
  8232f0378be169cea3d5f33e04bcbf2ae12d884277a3b24cedb8992c31c638e3
- SHA512
  
  0c044b13a5c1aa45208bf547dfcdac9d73b688d480034ffc16814b65efd2d350dc857c24e9f8888a173ac8b97712a0a0f76de21628440ac37a04d00d06b549d5
- SSDEEP
  
  768:cflivXrVKpVhKvtxwYHwVFoeAQqmucwUvnih:ylqrVKprVuQqOn4
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2