42c75f6c18041fb8ae1d2ec565ec98a363174f634b1512199af2bdd1fb2e6c44 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.81bcee1e45047e2e85e3c9b615bf2370.exe
Size

257KB
Sample

231103-seygsafe55
MD5

81bcee1e45047e2e85e3c9b615bf2370
SHA1

7d923530d89165f6e17619bda6bd6aba1563d9f6
SHA256

42c75f6c18041fb8ae1d2ec565ec98a363174f634b1512199af2bdd1fb2e6c44
SHA512

dd2cc212891cba03a27b0220351219444691df5c100dfe53538990877f8803a5d9fcfc161e00f98a5bbf41bec6d933973c02abc85c40a1943ad3c0a6e4d0ffda
SSDEEP

3072:SVHgCc4xGvbwcU9KQ2BBAHmaPxiVojb5EGRk:TCc4xGxWKQ2BonxVk

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost12.com
Port:
21
Username:
b12_8082975
Password:
951753zx

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  NEAS.81bcee1e45047e2e85e3c9b615bf2370.exe
- Size
  
  257KB
- MD5
  
  81bcee1e45047e2e85e3c9b615bf2370
- SHA1
  
  7d923530d89165f6e17619bda6bd6aba1563d9f6
- SHA256
  
  42c75f6c18041fb8ae1d2ec565ec98a363174f634b1512199af2bdd1fb2e6c44
- SHA512
  
  dd2cc212891cba03a27b0220351219444691df5c100dfe53538990877f8803a5d9fcfc161e00f98a5bbf41bec6d933973c02abc85c40a1943ad3c0a6e4d0ffda
- SSDEEP
  
  3072:SVHgCc4xGvbwcU9KQ2BBAHmaPxiVojb5EGRk:TCc4xGxWKQ2BonxVk
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2