b8aa601a8170430b2aa72e1cf172041089a673972ec16a2ea4c43168ececdaf6 | Triage

Sharing

General

Target

b8aa601a8170430b2aa72e1cf172041089a673972ec16a2ea4c43168ececdaf6
Size

64KB
Sample

221205-w774gahd5t
MD5

edf92f3f42d6cb634254b384c8c214de
SHA1

18d42a714fa8a1fd2178e762ea8f5a02a4ec88f2
SHA256

b8aa601a8170430b2aa72e1cf172041089a673972ec16a2ea4c43168ececdaf6
SHA512

263af274f7133527bf2f44d786851a827c3d3091a76cd8310fde9d559fe1bc22eab870cfdf9ecef0b3644f8639d1912fc8374dc82a30e4a0d24a8e2463eaa6e6
SSDEEP

768:6/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLh:6RsvcdcQjosnvnZ6LQ1Eh

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  b8aa601a8170430b2aa72e1cf172041089a673972ec16a2ea4c43168ececdaf6
- Size
  
  64KB
- MD5
  
  edf92f3f42d6cb634254b384c8c214de
- SHA1
  
  18d42a714fa8a1fd2178e762ea8f5a02a4ec88f2
- SHA256
  
  b8aa601a8170430b2aa72e1cf172041089a673972ec16a2ea4c43168ececdaf6
- SHA512
  
  263af274f7133527bf2f44d786851a827c3d3091a76cd8310fde9d559fe1bc22eab870cfdf9ecef0b3644f8639d1912fc8374dc82a30e4a0d24a8e2463eaa6e6
- SSDEEP
  
  768:6/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLh:6RsvcdcQjosnvnZ6LQ1Eh
Score

10^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2