General

  • Target

    NEAS.71fc9da2295d2c857488fbcde6bb5480.exe

  • Size

    322KB

  • Sample

    231101-rhrmzada3v

  • MD5

    71fc9da2295d2c857488fbcde6bb5480

  • SHA1

    265d05b8d6a5b03ce3d16c7050d25bd00420bfa8

  • SHA256

    58e2ed68c0c744bd3172a2877c14f2f73b515eb5c260cc7a2274851660259d18

  • SHA512

    d5fb6449ed9c415f1e2d41acc84dcb0e7d43ed167d57964c399bfb18ed0a5a5d0511bdf42a87513913ff488ca797a18d7c66a82134ec0557802a470c11ab8c78

  • SSDEEP

    3072:cVHgCc4xGvbwcU9KQ2BBAHmaPx9/omb5ELCBLYvQd2G:ZCc4xGxWKQ2Bonx8CmG

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc
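The extracted FTP configuration above is the most actionable part of this report: FTP is cleartext, so the host and the USER command are visible to any network sensor that sees the session, and the username is a far better discriminator than the host (tripod.com is a legitimate hosting provider). The following is an added example, not part of the sandbox report, that turns the extracted config into a small triage rule. The log format is a constructed, simplified one-login-per-line record; real telemetry (Zeek ftp.log, a proxy or firewall) needs its own parser. The password is intentionally never used: nothing in a detection pipeline should authenticate to the account.

```python
"""Detection built from the FTP configuration extracted from this sample.

Added example, not part of the sandbox report. The log layout is a
constructed simplification ('ts src dst_host dst_port user' per line);
adapt parse_line() to the telemetry you actually have.
"""
from dataclasses import dataclass
from typing import Optional

# Indicators copied from the "Extracted Credentials" block of the report.
FTP_HOST = "ftp.tripod.com"
FTP_PORT = 21
FTP_USER = "onthelinux"


@dataclass
class FtpLogin:
    ts: str
    src: str
    dst_host: str
    dst_port: int
    user: str


def parse_line(line: str) -> Optional[FtpLogin]:
    """Parse one constructed log line; return None for comments or junk."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst_host, dst_port, user = parts
    try:
        port = int(dst_port)
    except ValueError:
        return None
    return FtpLogin(ts, src, dst_host.lower(), port, user)


def classify(ev: FtpLogin) -> Optional[str]:
    """Map a login to a severity, or None if unrelated to this sample.

    high:   the exact account from the config (host and username)
    medium: the same username against another server, e.g. the operator
            moved the account or the log records the server as an IP
    low:    plain FTP to ftp.tripod.com, which is not an indicator alone
    """
    host_hit = ev.dst_host == FTP_HOST
    user_hit = ev.user == FTP_USER
    if host_hit and user_hit:
        return "high"
    if user_hit:
        return "medium"
    if host_hit and ev.dst_port == FTP_PORT:
        return "low"
    return None


def scan(log_text: str) -> list[tuple[str, str, str]]:
    """Return (ts, src, severity) for every line matching the config."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        sev = classify(ev)
        if sev is not None:
            hits.append((ev.ts, ev.src, sev))
    return hits


# Constructed sample log: not captured from the sample or any real network.
SAMPLE_LOG = """\
# ts src dst_host dst_port user
2023-11-01T10:00:01Z 10.0.0.5  ftp.tripod.com  21   onthelinux
2023-11-01T10:00:07Z 10.0.0.9  ftp.example.net 21   anonymous
2023-11-01T10:01:12Z 10.0.0.12 198.51.100.7    2121 onthelinux
2023-11-01T10:02:30Z 10.0.0.3  ftp.tripod.com  21   webmaster
"""

if __name__ == "__main__":
    for ts, src, sev in scan(SAMPLE_LOG):
        print(f"{sev:6} {ts} {src}")
```

The three-tier scoring is the point worth keeping when porting this to a SIEM rule: a connection to the provider's FTP host alone will be noise in any network with a web hosting customer, while the username from the sample's config is specific to this campaign. Treat the extracted account as evidence to report to the provider's abuse contact, not as something to log in to.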

Targets

    • Target

      NEAS.71fc9da2295d2c857488fbcde6bb5480.exe

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check on the victim's locale.

    • Executes dropped EXE

    • Loads dropped DLL
