9af983e73b75272f35d044305e92695af5073ad413e5e0c79f7e90dcf657b216 | Triage

Sharing

General

Target

c64d080c672d4dcaa073cddd1e145472_JC.exe
Size

260KB
Sample

231003-sz4jjaeg84
MD5

c64d080c672d4dcaa073cddd1e145472
SHA1

e04ba6e1d9b21380fa389fee5e5f44535e2f068f
SHA256

9af983e73b75272f35d044305e92695af5073ad413e5e0c79f7e90dcf657b216
SHA512

732e1df20c85ec3852cbe65c5194928388805850be29c8677a94e3b286e4ea9abaa410b1cebdbd321141e7f1eb00ce1ad5b466ba6a95ec0af04b8618bdadd5f8
SSDEEP

3072:mePgCctxGv4QcU9KQ2BBA2waPxhtmolu1CWN29/SAJyj2:CCctxGsWKQ2Bx5xv61RN29SAA2

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost12.com
Port:
21
Username:
b12_8082975
Password:
951753zx

Targets

- Target
  
  c64d080c672d4dcaa073cddd1e145472_JC.exe
- Size
  
  260KB
- MD5
  
  c64d080c672d4dcaa073cddd1e145472
- SHA1
  
  e04ba6e1d9b21380fa389fee5e5f44535e2f068f
- SHA256
  
  9af983e73b75272f35d044305e92695af5073ad413e5e0c79f7e90dcf657b216
- SHA512
  
  732e1df20c85ec3852cbe65c5194928388805850be29c8677a94e3b286e4ea9abaa410b1cebdbd321141e7f1eb00ce1ad5b466ba6a95ec0af04b8618bdadd5f8
- SSDEEP
  
  3072:mePgCctxGv4QcU9KQ2BBA2waPxhtmolu1CWN29/SAJyj2:CCctxGsWKQ2Bx5xv61RN29SAA2
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2