64d8127299c874eab654438e7a9c6479291a8a945ad3d7f2fe8cc3454cc8dfee | Triage

Sharing

General

Target

NEAS.0ee6ec845b4f980d1c828cc993d52b00.exe
Size

225KB
Sample

231106-yvqd1aeb8x
MD5

0ee6ec845b4f980d1c828cc993d52b00
SHA1

6d4f8ec2a1001cdf28cd86f359180fe66d7c69a2
SHA256

64d8127299c874eab654438e7a9c6479291a8a945ad3d7f2fe8cc3454cc8dfee
SHA512

ed0756435af500f438b326e8ed0ce422fcf6554b09d4472f7d48a92644e8644d6f12f60e4af871045a2dce66f06c956095e55f4a877e6080a5d35c51fc92b193
SSDEEP

3072:cVHgCc4xGvbwcU9KQ2BBAHmaPxsWVojb5ES:ZCc4xGxWKQ2BonxsF

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost12.com
Port:
21
Username:
b12_8082975
Password:
951753zx

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  NEAS.0ee6ec845b4f980d1c828cc993d52b00.exe
- Size
  
  225KB
- MD5
  
  0ee6ec845b4f980d1c828cc993d52b00
- SHA1
  
  6d4f8ec2a1001cdf28cd86f359180fe66d7c69a2
- SHA256
  
  64d8127299c874eab654438e7a9c6479291a8a945ad3d7f2fe8cc3454cc8dfee
- SHA512
  
  ed0756435af500f438b326e8ed0ce422fcf6554b09d4472f7d48a92644e8644d6f12f60e4af871045a2dce66f06c956095e55f4a877e6080a5d35c51fc92b193
- SSDEEP
  
  3072:cVHgCc4xGvbwcU9KQ2BBAHmaPxsWVojb5ES:ZCc4xGxWKQ2BonxsF
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2