General

  • Target

    c56196c49acd5e6e47368f45f9873e873e38a8d4fc8f4a4f77498c415aeff591

  • Size

    35KB

  • Sample

    221204-v5bf2sef5y

  • MD5

    e80e355de71bf1f6092ab27f6e674c8b

  • SHA1

    b780a5b00dce8e8d17def50917abf0028a12c60b

  • SHA256

    c56196c49acd5e6e47368f45f9873e873e38a8d4fc8f4a4f77498c415aeff591

  • SHA512

    292bc38ae278f6bff9ecbd34a45daf0cf95b0c2b9d233ffb13d81f951bca8195ded8d4c4641e4790b514ddf17cf524e8e93b0f1c32f7067661cceb451dd4d0c8

  • SSDEEP

    768:zqqYMYa/TMfwvmjdZBMZXQ3Qin4e/Q7hcwxC:+qYMz2wvdivQ7Y

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    Score
    10/10

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks