ed6074b6b1f7790987b3da779f685adcef694cf67c4fd0574ec74015cb210924 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31abe3231e402703b1c2647d4d32a848_JC.exe
Size

292KB
Sample

231010-1m24yadd9t
MD5

31abe3231e402703b1c2647d4d32a848
SHA1

e095d16dd823bef1fcaa7cee895f07c0c8c51726
SHA256

ed6074b6b1f7790987b3da779f685adcef694cf67c4fd0574ec74015cb210924
SHA512

c1a60604e363921e1f77cea5e80a2387d6f0c5fad974fee1e039f02c529f8a8cfc9ec84d0eb12e4053d7dea62c9c25e012b95a8b620403cd1bf1e619a28a24a5
SSDEEP

3072:4mfQgicdlGvILcU9KQ2BBAkJaPxuIol1t:4kicdlG5WKQ2BjGxM

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  31abe3231e402703b1c2647d4d32a848_JC.exe
- Size
  
  292KB
- MD5
  
  31abe3231e402703b1c2647d4d32a848
- SHA1
  
  e095d16dd823bef1fcaa7cee895f07c0c8c51726
- SHA256
  
  ed6074b6b1f7790987b3da779f685adcef694cf67c4fd0574ec74015cb210924
- SHA512
  
  c1a60604e363921e1f77cea5e80a2387d6f0c5fad974fee1e039f02c529f8a8cfc9ec84d0eb12e4053d7dea62c9c25e012b95a8b620403cd1bf1e619a28a24a5
- SSDEEP
  
  3072:4mfQgicdlGvILcU9KQ2BBAkJaPxuIol1t:4kicdlG5WKQ2BjGxM
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2