53bb901ee95ab4a46fd55a5e0932240ea9fcce41902ad3c3a52668dca63c5dbb | Triage

Sharing

General

Target

NEAS.60fd3774785fc3c17b13e07b373c7510.exe
Size

426KB
Sample

231028-ym1vrsga7v
MD5

60fd3774785fc3c17b13e07b373c7510
SHA1

c80fa5eb61e58911719b8c191a9d4951198d4229
SHA256

53bb901ee95ab4a46fd55a5e0932240ea9fcce41902ad3c3a52668dca63c5dbb
SHA512

fbb536df747d1af490d0f56557e1630e99223a05dc57582506867a13b9021a0c29b3355ca524d11bd914780fb27a0eb7ebd0209113e13529e119938ab369281d
SSDEEP

3072:kChJgYMm4xf9cU9KQ2BxA59SPM2OoSn240YK0FN8lpSUyKncAxi2n:MYMm4xiWKQ2BiCMtZK03kNcATn

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  NEAS.60fd3774785fc3c17b13e07b373c7510.exe
- Size
  
  426KB
- MD5
  
  60fd3774785fc3c17b13e07b373c7510
- SHA1
  
  c80fa5eb61e58911719b8c191a9d4951198d4229
- SHA256
  
  53bb901ee95ab4a46fd55a5e0932240ea9fcce41902ad3c3a52668dca63c5dbb
- SHA512
  
  fbb536df747d1af490d0f56557e1630e99223a05dc57582506867a13b9021a0c29b3355ca524d11bd914780fb27a0eb7ebd0209113e13529e119938ab369281d
- SSDEEP
  
  3072:kChJgYMm4xf9cU9KQ2BxA59SPM2OoSn240YK0FN8lpSUyKncAxi2n:MYMm4xiWKQ2BiCMtZK03kNcATn
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2