262d7c9dfc8db1cc7a64f0b28ee87a2e4fe035ef6bf80a191378ab545d0f9f94 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.289a30f553b86a835fc47ac20413ce70.exe
Size

190KB
Sample

231112-lp1assfa63
MD5

289a30f553b86a835fc47ac20413ce70
SHA1

2029cbb9bf09f867c3bf6724b858b660ed69772b
SHA256

262d7c9dfc8db1cc7a64f0b28ee87a2e4fe035ef6bf80a191378ab545d0f9f94
SHA512

85096c1d5644ca6732c1e6955fd4e6d66c6d465e673263b1ba9a4755dd8e2c578893578a9a5343e645a82961503460fc0b80b20855c2ccd02fe22caeeb063bee
SSDEEP

1536:LfVLuTnlTTy9uEGe9t2oKLjWlCu8i9pUJANjfSqoWQQnea:LfVLWlTTbEGe9AJKlCvIUlqoW5nL

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  NEAS.289a30f553b86a835fc47ac20413ce70.exe
- Size
  
  190KB
- MD5
  
  289a30f553b86a835fc47ac20413ce70
- SHA1
  
  2029cbb9bf09f867c3bf6724b858b660ed69772b
- SHA256
  
  262d7c9dfc8db1cc7a64f0b28ee87a2e4fe035ef6bf80a191378ab545d0f9f94
- SHA512
  
  85096c1d5644ca6732c1e6955fd4e6d66c6d465e673263b1ba9a4755dd8e2c578893578a9a5343e645a82961503460fc0b80b20855c2ccd02fe22caeeb063bee
- SSDEEP
  
  1536:LfVLuTnlTTy9uEGe9t2oKLjWlCu8i9pUJANjfSqoWQQnea:LfVLWlTTbEGe9AJKlCvIUlqoW5nL
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2