75b9334dfa6a24fd717790b1793c80f2e2c909d4bf521eb11b44dac639e4a4f7 | Triage

Sharing

General

Target

NEAS.b6bf311f5cf6c92b5a77eefdc1bcdb00.exe
Size

86KB
Sample

231106-1bmvwafd4z
MD5

b6bf311f5cf6c92b5a77eefdc1bcdb00
SHA1

907d651d21732aa561c899c64394d857f1adbeca
SHA256

75b9334dfa6a24fd717790b1793c80f2e2c909d4bf521eb11b44dac639e4a4f7
SHA512

ddfb41673aff22b9d7b4102e05a5e8b67d0d216ac99c92678cf86c29e731ff18074d79733f6be7f8a1b397d928e75efefc967bf8d9a343e7b0e6088190349ea1
SSDEEP

1536:JdXkE87nccOtwqsIcGIjAPdrl8HQpCXs8T3yL:rUE87cxtplAKriHWCXs8G

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  NEAS.b6bf311f5cf6c92b5a77eefdc1bcdb00.exe
- Size
  
  86KB
- MD5
  
  b6bf311f5cf6c92b5a77eefdc1bcdb00
- SHA1
  
  907d651d21732aa561c899c64394d857f1adbeca
- SHA256
  
  75b9334dfa6a24fd717790b1793c80f2e2c909d4bf521eb11b44dac639e4a4f7
- SHA512
  
  ddfb41673aff22b9d7b4102e05a5e8b67d0d216ac99c92678cf86c29e731ff18074d79733f6be7f8a1b397d928e75efefc967bf8d9a343e7b0e6088190349ea1
- SSDEEP
  
  1536:JdXkE87nccOtwqsIcGIjAPdrl8HQpCXs8T3yL:rUE87cxtplAKriHWCXs8G
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2