81cc3ee1ea3ed2d2a26e687f849715e4287fdc90b0986744b49bcb8f8444fc45 | Triage

Sharing

General

Target

81cc3ee1ea3ed2d2a26e687f849715e4287fdc90b0986744b49bcb8f8444fc45
Size

208KB
Sample

221203-me8d4abg58
MD5

4643da36f40db3c5fdafcc54439e6b33
SHA1

7dc18463174d2c1178dce1ce32966c93646e54a1
SHA256

81cc3ee1ea3ed2d2a26e687f849715e4287fdc90b0986744b49bcb8f8444fc45
SHA512

1c667c770455663f9003be8a100b0ebb3348292526325db9780d556a56f4716e4116e46f1294122a84659decaa881fc411efec674ac7fa574f1553781781c4d3
SSDEEP

1536:VNSXbc74YTOnlNSUL09atT0mBBA7aKSvIYFwAUtdvo6QO5:VEo75OnPSI09qgmBBAGKSvwhvo69

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  81cc3ee1ea3ed2d2a26e687f849715e4287fdc90b0986744b49bcb8f8444fc45
- Size
  
  208KB
- MD5
  
  4643da36f40db3c5fdafcc54439e6b33
- SHA1
  
  7dc18463174d2c1178dce1ce32966c93646e54a1
- SHA256
  
  81cc3ee1ea3ed2d2a26e687f849715e4287fdc90b0986744b49bcb8f8444fc45
- SHA512
  
  1c667c770455663f9003be8a100b0ebb3348292526325db9780d556a56f4716e4116e46f1294122a84659decaa881fc411efec674ac7fa574f1553781781c4d3
- SSDEEP
  
  1536:VNSXbc74YTOnlNSUL09atT0mBBA7aKSvIYFwAUtdvo6QO5:VEo75OnPSI09qgmBBAGKSvwhvo69
Score

10^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2