cd5d47e37f559a6ad26815cc5146430f762a77fa3e4ce45cec07907f7a3b071a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cd5d47e37f559a6ad26815cc5146430f762a77fa3e4ce45cec07907f7a3b071a
Size

34KB
Sample

221203-mcjb7abf55
MD5

5928656d99ee9f8cf831e113082e61d7
SHA1

b668c6a34c65389022169a99bf0e3b784b66d7b6
SHA256

cd5d47e37f559a6ad26815cc5146430f762a77fa3e4ce45cec07907f7a3b071a
SHA512

3d2f2def41d71d4577decb4e56e181d8a5545205a66176f7d320c2fd9b0e1f343030dc4684fe7724cd0890dfa6f5e82bae85d49853813fed5dcc3922adb4fab3
SSDEEP

768:cflivXrVKpVhKvtxwYHwVFoeAQTmucwUWMB:ylqrVKprVuQTtMB

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  cd5d47e37f559a6ad26815cc5146430f762a77fa3e4ce45cec07907f7a3b071a
- Size
  
  34KB
- MD5
  
  5928656d99ee9f8cf831e113082e61d7
- SHA1
  
  b668c6a34c65389022169a99bf0e3b784b66d7b6
- SHA256
  
  cd5d47e37f559a6ad26815cc5146430f762a77fa3e4ce45cec07907f7a3b071a
- SHA512
  
  3d2f2def41d71d4577decb4e56e181d8a5545205a66176f7d320c2fd9b0e1f343030dc4684fe7724cd0890dfa6f5e82bae85d49853813fed5dcc3922adb4fab3
- SSDEEP
  
  768:cflivXrVKpVhKvtxwYHwVFoeAQTmucwUWMB:ylqrVKprVuQTtMB
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2