30b824a01f37385a83e9d5babc7cd244e21158fa8b6819e947f965558498fdbf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f5cdcf0af03b24ecc8f2fa8a05cf6d50.exe
Size

233KB
Sample

231107-trgv8sbe8s
MD5

f5cdcf0af03b24ecc8f2fa8a05cf6d50
SHA1

275f1addf6712c66afb3c631f31a69a8c8a9b98f
SHA256

30b824a01f37385a83e9d5babc7cd244e21158fa8b6819e947f965558498fdbf
SHA512

53295c8f711245612d875790aed4a6606dbbdfd62404c807a5a81b3997bf6270dea5397da7b7b47b92824238ca346bc91b3d4f3ea9eb22bc8613c8a193e09e8e
SSDEEP

3072:HePgCctxGv4QcU9KQ2BBA2waPxQtmolNjAHyuIuF8q:TCctxGsWKQ2Bx5xIZjArIS8q

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  NEAS.f5cdcf0af03b24ecc8f2fa8a05cf6d50.exe
- Size
  
  233KB
- MD5
  
  f5cdcf0af03b24ecc8f2fa8a05cf6d50
- SHA1
  
  275f1addf6712c66afb3c631f31a69a8c8a9b98f
- SHA256
  
  30b824a01f37385a83e9d5babc7cd244e21158fa8b6819e947f965558498fdbf
- SHA512
  
  53295c8f711245612d875790aed4a6606dbbdfd62404c807a5a81b3997bf6270dea5397da7b7b47b92824238ca346bc91b3d4f3ea9eb22bc8613c8a193e09e8e
- SSDEEP
  
  3072:HePgCctxGv4QcU9KQ2BBA2waPxQtmolNjAHyuIuF8q:TCctxGsWKQ2Bx5xIZjArIS8q
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2