8f805549c32309867268d269840f994d91f32e0ffbceb728972f616b56f73437 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8f805549c32309867268d269840f994d91f32e0ffbceb728972f616b56f73437
Size

34KB
Sample

221204-lrvhbsca9y
MD5

6e00141d8b06f9c7ffb196f9d457ef74
SHA1

081f42652d8d6986f4a0991782dffccecc0740c9
SHA256

8f805549c32309867268d269840f994d91f32e0ffbceb728972f616b56f73437
SHA512

e35828f9d8dcea4daa17fa12a5e67f90f8d5519bd348867512babbe2bb422f53d8503843ac24dcf0688a214ca38bf46bbe37cf7c1d5db54d6bacd3aee137bd94
SSDEEP

768:mzQYScGrIubHuYtvdxwYHw5FAe2Q0ncwx/:gQTIubHy5wQ0r

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  8f805549c32309867268d269840f994d91f32e0ffbceb728972f616b56f73437
- Size
  
  34KB
- MD5
  
  6e00141d8b06f9c7ffb196f9d457ef74
- SHA1
  
  081f42652d8d6986f4a0991782dffccecc0740c9
- SHA256
  
  8f805549c32309867268d269840f994d91f32e0ffbceb728972f616b56f73437
- SHA512
  
  e35828f9d8dcea4daa17fa12a5e67f90f8d5519bd348867512babbe2bb422f53d8503843ac24dcf0688a214ca38bf46bbe37cf7c1d5db54d6bacd3aee137bd94
- SSDEEP
  
  768:mzQYScGrIubHuYtvdxwYHw5FAe2Q0ncwx/:gQTIubHy5wQ0r
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2