7989a7b69de838951253bcbd26ce463584354379a3dc07bb935d0fba8622a709 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.08ab344f2d838bba1cf532c7d82cab10_JC.exe
Size

427KB
Sample

231011-tvqmjshh51
MD5

08ab344f2d838bba1cf532c7d82cab10
SHA1

be755d647b9be29c02926ad2bc69b50f3ca3aa02
SHA256

7989a7b69de838951253bcbd26ce463584354379a3dc07bb935d0fba8622a709
SHA512

2f69e10336163841655c7f3f7a27770a907cb8e4e6fd698b3d9e4cc644a6a67279b14b416cd69d4b8df427e5f6fe56bdff4bbaf54c89b122f395f644a1e1fc53
SSDEEP

3072:VChJgYMm4xf9cU9KQ2BxA59SPMvOogn2D0YK0FN8lpSUyKncAxi2n:BYMm4xiWKQ2BiCMFZK03kNcATn

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  NEAS.08ab344f2d838bba1cf532c7d82cab10_JC.exe
- Size
  
  427KB
- MD5
  
  08ab344f2d838bba1cf532c7d82cab10
- SHA1
  
  be755d647b9be29c02926ad2bc69b50f3ca3aa02
- SHA256
  
  7989a7b69de838951253bcbd26ce463584354379a3dc07bb935d0fba8622a709
- SHA512
  
  2f69e10336163841655c7f3f7a27770a907cb8e4e6fd698b3d9e4cc644a6a67279b14b416cd69d4b8df427e5f6fe56bdff4bbaf54c89b122f395f644a1e1fc53
- SSDEEP
  
  3072:VChJgYMm4xf9cU9KQ2BxA59SPMvOogn2D0YK0FN8lpSUyKncAxi2n:BYMm4xiWKQ2BiCMFZK03kNcATn
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2