f8746f4d37dfd31eb6dcff65cee7289d093ad6d566a2c3d8f816c509abaeee3d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7ea9c16b34e0ff5c011e481708696490.exe
Size

426KB
Sample

231028-yn3ezsgg3s
MD5

7ea9c16b34e0ff5c011e481708696490
SHA1

faab454e94a3b3317b0cb046e756199755dae372
SHA256

f8746f4d37dfd31eb6dcff65cee7289d093ad6d566a2c3d8f816c509abaeee3d
SHA512

ac4cb391c5a99a445aaf464d14780f6af81d7c0d389a7b7e38a6ca1d0494bdc492a3f503c1e9fd2eb1edfa0f9d7a936c3f5a7977cfbb85c2d923780598741764
SSDEEP

3072:TChJgYMm4xf9cU9KQ2BxA59SPM2Oojn2l0YK0FN8lpSUyKncAxi2vv:/YMm4xiWKQ2BiCM9ZK03kNcATn

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  NEAS.7ea9c16b34e0ff5c011e481708696490.exe
- Size
  
  426KB
- MD5
  
  7ea9c16b34e0ff5c011e481708696490
- SHA1
  
  faab454e94a3b3317b0cb046e756199755dae372
- SHA256
  
  f8746f4d37dfd31eb6dcff65cee7289d093ad6d566a2c3d8f816c509abaeee3d
- SHA512
  
  ac4cb391c5a99a445aaf464d14780f6af81d7c0d389a7b7e38a6ca1d0494bdc492a3f503c1e9fd2eb1edfa0f9d7a936c3f5a7977cfbb85c2d923780598741764
- SSDEEP
  
  3072:TChJgYMm4xf9cU9KQ2BxA59SPM2Oojn2l0YK0FN8lpSUyKncAxi2vv:/YMm4xiWKQ2BiCM9ZK03kNcATn
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2