General

  • Target

    c0a322d4a0805ff3e54cdf8077fc1bed34d815daa5ddbc285b5b7c4e102da2d0

  • Size

    204KB

  • Sample

    221206-ah2phaag59

  • MD5

    163b398fd9777226dd725221d19f2876

  • SHA1

    bf311b6573275f7fb127707b31c8024996f932cd

  • SHA256

    c0a322d4a0805ff3e54cdf8077fc1bed34d815daa5ddbc285b5b7c4e102da2d0

  • SHA512

    c56e6b76857ad55b4ac28ca4492baf846a55e9c3c568a792015ed93b27009bd9870023b702c42d1c730f19f64a7c9656c826ff3044379e1610409197987caf03

  • SSDEEP

    1536:7fAiHwgicnislGltILYLU9KD02BBAdKJaPoYkwAgdIolq:7fQgicdlGvILcU9KQ2BBAkJaPxzIolq

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc
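The extracted configuration above is the most actionable thing on this page: a hardcoded FTP account the sample uses to push data out. The block below is an added example (not code from the report, the sandbox, or the sample) that turns the credentials and the file hashes into two offline checks: matching FTP sessions in a log against the extracted username, password and host, and comparing a file's digests to the reported ones. The FTP log is constructed for the example and only loosely modelled on a Zeek ftp.log; the hostname-to-IP mapping is an assumption standing in for what you would take from your own DNS logs (the IPs are documentation addresses, not real resolutions of ftp.tripod.com).

```python
"""Checks built from this report's extracted config and file hashes.

Added example, not code from the report or the sample.  The FTP log is
constructed (tab-separated, loosely modelled on a Zeek ftp.log) and the
host-to-IP mapping is an assumption; adapt both to your own sensors.
"""
import hashlib

# Copied from "Malware Config > Extracted > Credentials".
EXTRACTED_CONFIG = {
    "protocol": "ftp",
    "host": "ftp.tripod.com",
    "port": 21,
    "username": "onthelinux",
    "password": "741852abc",
}

# Copied from the "General" section of the report.
REPORT_HASHES = {
    "md5": "163b398fd9777226dd725221d19f2876",
    "sha1": "bf311b6573275f7fb127707b31c8024996f932cd",
    "sha256": "c0a322d4a0805ff3e54cdf8077fc1bed34d815daa5ddbc285b5b7c4e102da2d0",
    "sha512": "c56e6b76857ad55b4ac28ca4492baf846a55e9c3c568a792015ed93b27009bd9870023b702c42d1c730f19f64a7c9656c826ff3044379e1610409197987caf03",
}

# ASSUMPTION: constructed hostname -> IP mapping (documentation addresses).
# In practice take this from dns.log or passive DNS for the same time window.
HOST_RESOLUTIONS = {"ftp.tripod.com": {"198.51.100.10"}}

# Constructed sample log, not real traffic.  Columns: ts, orig_h, resp_h,
# resp_p, user, password, command, arg.  "-" marks an empty field.
SAMPLE_FTP_LOG = """\
1670300001.1\t10.0.0.5\t198.51.100.10\t21\tonthelinux\t741852abc\tSTOR\tkeylog_HOST1.txt
1670300002.2\t10.0.0.7\t192.0.2.20\t21\tanonymous\tguest@\tRETR\treadme.txt
1670300003.3\t10.0.0.9\t198.51.100.10\t21\tsomeoneelse\tsecret\tSTOR\treport.doc
1670300004.4\t10.0.0.5\t198.51.100.10\t2121\tonthelinux\t-\tUSER\t-
"""
COLUMNS = ["ts", "orig_h", "resp_h", "resp_p", "user", "password", "command", "arg"]


def parse_ftp_log(text):
    """Parse the tab-separated log into dicts; skip blank, comment and short lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != len(COLUMNS):
            continue
        rec = dict(zip(COLUMNS, fields))
        rec["resp_p"] = int(rec["resp_p"])
        records.append(rec)
    return records


def flag_sessions(records, config=EXTRACTED_CONFIG, resolutions=HOST_RESOLUTIONS):
    """Rank FTP sessions against the extracted config.

    The username is the strongest pivot: it is hardcoded in the sample, so a
    login with it anywhere is suspicious even if the C2 host changed.  A
    password match on top of that is near-certain.  Uploads to the configured
    host with other credentials are worth a look but could be unrelated users
    of a shared hosting provider, so they get a lower severity.
    """
    c2_ips = resolutions.get(config["host"], set())
    findings = []
    for rec in records:
        to_c2 = rec["resp_h"] in c2_ips
        user_hit = rec["user"] == config["username"]
        pass_hit = rec["password"] == config["password"]
        if user_hit and pass_hit:
            sev, why = "high", "login with the extracted username and password"
        elif user_hit and to_c2:
            sev, why = "high", "extracted username used against the configured host"
        elif to_c2 and rec["command"] == "STOR":
            sev, why = "medium", "upload to the configured host with other credentials"
        else:
            continue
        if to_c2 and rec["resp_p"] != config["port"]:
            why += " (non-standard port %d)" % rec["resp_p"]
        findings.append({"ts": rec["ts"], "orig_h": rec["orig_h"],
                         "severity": sev, "reason": why})
    return findings


def hash_file_bytes(data):
    """Digest the bytes with the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data, expected=REPORT_HASHES):
    """Names of the algorithms whose digest of `data` equals the expected one."""
    got = hash_file_bytes(data)
    return sorted(name for name, digest in got.items() if expected.get(name) == digest)


if __name__ == "__main__":
    for f in flag_sessions(parse_ftp_log(SAMPLE_FTP_LOG)):
        print(f)
    with open(__file__, "rb") as fh:  # any local file; this script is just a stand-in
        print("report hashes matched:", matches_report(fh.read()))
```

Matching on the username rather than only on the host is deliberate: free hosting providers such as the one in the config serve many unrelated accounts, so the IP alone is a weak indicator, while the account name is unique to this sample's build. The hash check is only useful for this exact file; a rebuilt sample with a new account string will have a different digest but the same behaviour, which is what the SSDEEP value on the page is for.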

Targets

    • Target

      c0a322d4a0805ff3e54cdf8077fc1bed34d815daa5ddbc285b5b7c4e102da2d0

    • Size

      204KB

    • MD5

      163b398fd9777226dd725221d19f2876

    • SHA1

      bf311b6573275f7fb127707b31c8024996f932cd

    • SHA256

      c0a322d4a0805ff3e54cdf8077fc1bed34d815daa5ddbc285b5b7c4e102da2d0

    • SHA512

      c56e6b76857ad55b4ac28ca4492baf846a55e9c3c568a792015ed93b27009bd9870023b702c42d1c730f19f64a7c9656c826ff3044379e1610409197987caf03

    • SSDEEP

      1536:7fAiHwgicnislGltILYLU9KD02BBAdKJaPoYkwAgdIolq:7fQgicdlGvILcU9KQ2BBAkJaPxzIolq

    Score
    10/10
    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check so the sample can avoid running in certain locales.

    • Loads dropped DLL

    • Adds Run key to start application
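Three of the four signatures above (dropped EXE executed, dropped DLL loaded, Run key added) are the kind a responder can reproduce from host telemetry. The block below is an added example, not code from the report or the sandbox: it correlates constructed Sysmon-style events (EventID 11 FileCreate, 1 ProcessCreate, 7 ImageLoad, 13 registry value set) and emits the same signature names. Paths, SIDs and value names in the sample events are made up, not taken from this sample. Sysmon does not log registry reads, so the "Checks computer location settings" signature has to come from the sandbox or a procmon/ETW trace rather than from this logic.

```python
"""Correlate dropped-file execution, dropped-DLL loading and Run-key
persistence over Sysmon-style events.

Added example, not code from the report.  Events are constructed and
trimmed to the fields the logic needs; nothing here is from the sample.
"""

# Registry paths (lowercased) that mean "start this at logon".
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)

# Constructed events.  "proc" is the acting process, "target" the created
# file or registry value, "image" the launched/loaded binary, "details" the
# value data written.
SAMPLE_EVENTS = [
    {"id": 11, "ts": 1, "proc": "C:\\Users\\u\\Downloads\\sample.exe",
     "target": "C:\\Users\\u\\AppData\\Roaming\\svch0st.exe"},
    {"id": 11, "ts": 2, "proc": "C:\\Users\\u\\Downloads\\sample.exe",
     "target": "C:\\Users\\u\\AppData\\Roaming\\helper.dll"},
    {"id": 1, "ts": 3, "proc": "C:\\Users\\u\\Downloads\\sample.exe",
     "image": "C:\\Users\\u\\AppData\\Roaming\\SVCH0ST.EXE"},
    {"id": 7, "ts": 4, "proc": "C:\\Users\\u\\AppData\\Roaming\\svch0st.exe",
     "image": "C:\\Users\\u\\AppData\\Roaming\\helper.dll"},
    {"id": 13, "ts": 5, "proc": "C:\\Users\\u\\AppData\\Roaming\\svch0st.exe",
     "target": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "details": "C:\\Users\\u\\AppData\\Roaming\\svch0st.exe"},
    {"id": 1, "ts": 6, "proc": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\notepad.exe"},
    {"id": 13, "ts": 7, "proc": "C:\\Windows\\System32\\svchost.exe",
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth",
     "details": "%windir%\\system32\\SecurityHealthSystray.exe"},
]


def correlate(events):
    """Return the signatures that fire, in event order.

    A file creation followed later by a launch or load of the same path is
    the correlation.  Paths are compared case-insensitively because NTFS is.
    A Run value whose data points at a dropped file is rated high; any other
    Run value is reported at "info" so legitimate software is not lost but
    also does not page anyone.
    """
    dropped = set()
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["id"] == 11:
            dropped.add(ev["target"].lower())
        elif ev["id"] == 1 and ev["image"].lower() in dropped:
            findings.append({"signature": "Executes dropped EXE",
                             "artifact": ev["image"], "severity": "high"})
        elif ev["id"] == 7 and ev["image"].lower() in dropped:
            findings.append({"signature": "Loads dropped DLL",
                             "artifact": ev["image"], "severity": "high"})
        elif ev["id"] == 13:
            key = ev["target"].lower()
            if any(marker in key for marker in RUN_KEY_MARKERS):
                sev = "high" if ev["details"].lower() in dropped else "info"
                findings.append({"signature": "Adds Run key to start application",
                                 "artifact": ev["target"], "severity": sev})
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```

The "dropped" set is keyed on full path, so a copy of the same binary written to a second location is a separate drop; if your telemetry carries file hashes (Sysmon's Hashes field on EventID 1 and 7), keying on the hash instead catches that case too.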

MITRE ATT&CK Enterprise v6

Tasks