General

  • Target

    f66ea506fdc728aa805ea87bfa071060_exe32.exe

  • Size

    237KB

  • Sample

    231015-ykke1agh3t

  • MD5

    f66ea506fdc728aa805ea87bfa071060

  • SHA1

    f08ed629c8b401a22caff1344d142b03792f3629

  • SHA256

    e12a6b6a2f677bc9e045de2a39c6543a10196ced461bb12b470c3e7882ab4b26

  • SHA512

    89d524edae6f14b26a61f047d42a758cb376be072a4208fc65d745f221689d42e9d3a23b32595adcba521f3cbba85c8f44fa3f35cee0bcfa964d795149c6fa90

  • SSDEEP

    3072:hePgCctxGv4QcU9KQ2BBA2waPxhtmollrAN/kcMP:dCctxGsWKQ2Bx5xvhcNOP

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc
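The extracted configuration is a cleartext FTP dropzone (host, port, username, password), so the same values that the config extractor pulled from the binary are the values a defender can hunt for on the wire. The following is an added example, not part of the sandbox report or the sample: it parses a constructed Zeek ftp.log excerpt (Zeek TSV format, fields taken from its "#fields" header) and flags sessions that use the extracted account or that push files to it with an upload command. The Zeek records, the IP addresses and the file names are constructed for the example; Zeek writes "<hidden>" in the password column unless FTP::default_capture_password is enabled, so the username is the primary indicator and the password only a secondary one.

```python
"""Hunt a Zeek ftp.log for the FTP dropzone account extracted from this sample.

Added example for this report; the log lines below are constructed, not taken
from the sandbox run.
"""

# IOCs copied from the "Malware Config" section of the report.
DROPZONE_HOST = "ftp.tripod.com"   # resolved name; ftp.log only carries IPs
DROPZONE_PORT = 21
DROPZONE_USER = "onthelinux"
DROPZONE_PASS = "741852abc"

# Upload commands: a session that authenticates as the dropzone account and
# then issues one of these is moving data off the host.
UPLOAD_COMMANDS = {"STOR", "STOU", "APPE"}

# Constructed Zeek ftp.log excerpt (tab separated). C1 shows the default Zeek
# behaviour of hiding passwords; C3 shows a sensor with password capture on.
SAMPLE_FTP_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tuser\tpassword"
    "\tcommand\targ\tmime_type\tfile_size\treply_code\treply_msg\n"
    "1697372000.1\tC1\t10.0.0.5\t49301\t203.0.113.10\t21\tonthelinux\t<hidden>"
    "\tSTOR\tftp://203.0.113.10/log_WIN-7.txt\ttext/plain\t412\t226\tTransfer complete\n"
    "1697372010.4\tC2\t10.0.0.7\t49311\t203.0.113.20\t21\tanonymous\tuser@"
    "\tRETR\tftp://203.0.113.20/pub/README\ttext/plain\t1024\t226\tTransfer complete\n"
    "1697372020.9\tC3\t10.0.0.9\t49322\t203.0.113.10\t21\tonthelinux\t741852abc"
    "\tSTOR\tftp://203.0.113.10/log_DESKTOP.txt\ttext/plain\t980\t226\tTransfer complete\n"
)


def parse_zeek_tsv(text):
    """Yield one dict per record of a Zeek TSV log, keyed by its #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue  # other metadata lines (#separator, #types, #close, ...)
        if fields is None:
            raise ValueError("record encountered before the #fields header")
        yield dict(zip(fields, line.split("\t")))


def classify(record):
    """Return the list of reasons a record matches the extracted config (empty if none)."""
    reasons = []
    if record.get("user") == DROPZONE_USER:
        reasons.append("username matches extracted dropzone account")
    if record.get("password") == DROPZONE_PASS:
        reasons.append("password matches extracted dropzone account")
    # Only count an upload as evidence once the account itself matched; STOR to
    # an unrelated server is ordinary FTP traffic.
    if reasons and record.get("command") in UPLOAD_COMMANDS:
        reasons.append(f"upload via {record['command']} to {record.get('id.resp_h')}")
    return reasons


def hunt_ftp_log(text):
    """Return the matching sessions with uid, endpoints and reasons."""
    hits = []
    for record in parse_zeek_tsv(text):
        reasons = classify(record)
        if reasons:
            hits.append({
                "uid": record["uid"],
                "src": record["id.orig_h"],
                "dst": f"{record['id.resp_h']}:{record['id.resp_p']}",
                "reasons": reasons,
            })
    return hits


def suricata_rule(sid=1000001):
    """Network signature for the login itself: the USER command is cleartext."""
    return (
        f'alert tcp $HOME_NET any -> $EXTERNAL_NET {DROPZONE_PORT} '
        f'(msg:"FTP login as dropzone account {DROPZONE_USER} ({DROPZONE_HOST})"; '
        f'flow:to_server,established; content:"USER {DROPZONE_USER}|0d 0a|"; '
        f'sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    for hit in hunt_ftp_log(SAMPLE_FTP_LOG):
        print(hit["uid"], hit["src"], "->", hit["dst"])
        for reason in hit["reasons"]:
            print("   ", reason)
    print(suricata_rule())
```

ftp.log records the server's IP, not the name the sample connected to, so correlate a hit's id.resp_h with dns.log queries for ftp.tripod.com before attributing it to this sample. The Suricata rule matches the login regardless of whether the sensor stores passwords.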

Targets

    • Target

      f66ea506fdc728aa805ea87bfa071060_exe32.exe

    • Size

      237KB

    • Hashes

      MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above.

    Score
    10/10
    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence: the sample decides whether to continue based on the victim's configured locale.

    • Executes dropped EXE

      Writes an executable to disk during the run and launches it.

    • Loads dropped DLL

      Writes a DLL to disk during the run and loads it into a process.
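The "Checks computer location settings" signature only says that a country code was read from the registry; it does not reveal which countries the sample avoids or what it does when the value is missing. The following is an added example, not code recovered from the sample or provided by the sandbox: it models the geofence decision such a check feeds, reading the user's locale from HKEY_CURRENT_USER\Control Panel\International when run on Windows (the LocaleName and Locale values there are the usual sources of this information) and otherwise working from a supplied dictionary so the logic can be exercised anywhere. The blocklist, the LCID fallback table and the run-if-unknown default are assumptions chosen for illustration.

```python
"""Model of a registry-based geofence check (added example, assumptions noted inline)."""

# Registry key under HKEY_CURRENT_USER that holds the current user's locale.
# LocaleName is a BCP 47 tag such as "en-US"; Locale is an 8-hex-digit LCID string.
INTERNATIONAL_KEY = r"Control Panel\International"

# Assumed fallback when only the numeric LCID is present; low 16 bits identify
# the language/region pair.
LCID_TO_COUNTRY = {0x0409: "US", 0x0407: "DE", 0x0419: "RU", 0x0422: "UA"}


def read_locale_values():
    """Read the locale values from the live registry; returns {} when not on Windows."""
    try:
        import winreg
    except ImportError:
        return {}
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNATIONAL_KEY) as key:
        for name in ("LocaleName", "Locale", "sCountry"):
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                continue  # value not present on this Windows version
    return values


def country_code(values):
    """Derive a two-letter country code from the registry values, or None."""
    name = values.get("LocaleName", "")
    if "-" in name:
        # "en-US" -> "US", "sr-Latn-RS" -> "RS"
        return name.rsplit("-", 1)[-1].upper()
    lcid = values.get("Locale")
    if lcid:
        try:
            return LCID_TO_COUNTRY.get(int(lcid, 16) & 0xFFFF)
        except ValueError:
            return None
    return None


def should_run(values, blocked_countries, run_if_unknown=True):
    """Geofence decision: refuse to run on blocked countries.

    run_if_unknown is the behaviour when no country can be derived; a sample
    that fails open here still detonates in a sandbox with a stripped locale,
    one that fails closed does not.
    """
    code = country_code(values)
    if code is None:
        return run_if_unknown
    return code not in blocked_countries


if __name__ == "__main__":
    # Assumed blocklist for demonstration only; the report does not name any country.
    blocked = {"RU", "UA"}
    live = read_locale_values()
    print("locale values:", live or "(not on Windows, nothing read)")
    print("would run here:", should_run(live, blocked))
```

For triage, the practical use is the inverse of the sample's: set the sandbox user's LocaleName to the region under test and re-run to see whether the stage that follows (the dropped EXE and DLL) still appears. Note that Sysmon records registry key and value writes, not reads, so this check shows up in API traces from a sandbox rather than in endpoint registry event logs.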

MITRE ATT&CK Enterprise v15

Tasks