e8ec3f010fbe166b738dad9cf68b50451698f500cb1c5dffabf6162338536413 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4122e66d26cf8f7f34609c1c80751baf_JC.exe
Size

196KB
Sample

231011-g2pydagf36
MD5

4122e66d26cf8f7f34609c1c80751baf
SHA1

e024ff5f631cbf79063371a6d2fca450c37488b0
SHA256

e8ec3f010fbe166b738dad9cf68b50451698f500cb1c5dffabf6162338536413
SHA512

ef74e5beea8bf30a5ee66b0c74fc8056b135b90bbb7477fc4cdcdec548b45647e0c57f1cadc2913a19ead2009f9884d0e81df9801370fdb741edcfe5a5a486dc
SSDEEP

1536:RbvVQb4cLIkN+4Weat2RKLjWlC48Pp9JAcjrSrowuDJDw6:NvVQLIkLWeaA8KlCph9GrowuDJc6

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  4122e66d26cf8f7f34609c1c80751baf_JC.exe
- Size
  
  196KB
- MD5
  
  4122e66d26cf8f7f34609c1c80751baf
- SHA1
  
  e024ff5f631cbf79063371a6d2fca450c37488b0
- SHA256
  
  e8ec3f010fbe166b738dad9cf68b50451698f500cb1c5dffabf6162338536413
- SHA512
  
  ef74e5beea8bf30a5ee66b0c74fc8056b135b90bbb7477fc4cdcdec548b45647e0c57f1cadc2913a19ead2009f9884d0e81df9801370fdb741edcfe5a5a486dc
- SSDEEP
  
  1536:RbvVQb4cLIkN+4Weat2RKLjWlC48Pp9JAcjrSrowuDJDw6:NvVQLIkLWeaA8KlCph9GrowuDJc6
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2