a634b5725dc56836a0ebd654ddc5789d79cb63a0e80be2e12e8a6b16e055d8b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.22f6a4bc34e9353a861dbe910cd7db90.exe
Size

341KB
Sample

231112-lv22ksef3x
MD5

22f6a4bc34e9353a861dbe910cd7db90
SHA1

499c8dd4dfd90ab8d4ccc620687d41babef08627
SHA256

a634b5725dc56836a0ebd654ddc5789d79cb63a0e80be2e12e8a6b16e055d8b9
SHA512

02bd750df6e51c55732ae7c7a096dc9c7e72a0f22e4cc9badbe39293ca99c3ad42d493123704e979cc919858370d684520eb24d3367e9729e7fe15e5b238c7ba
SSDEEP

3072:jChJgYMm4xf9cU9KQ2BxA59SPM/Oorn2JzE:vYMm4xiWKQ2BiCMszE

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  NEAS.22f6a4bc34e9353a861dbe910cd7db90.exe
- Size
  
  341KB
- MD5
  
  22f6a4bc34e9353a861dbe910cd7db90
- SHA1
  
  499c8dd4dfd90ab8d4ccc620687d41babef08627
- SHA256
  
  a634b5725dc56836a0ebd654ddc5789d79cb63a0e80be2e12e8a6b16e055d8b9
- SHA512
  
  02bd750df6e51c55732ae7c7a096dc9c7e72a0f22e4cc9badbe39293ca99c3ad42d493123704e979cc919858370d684520eb24d3367e9729e7fe15e5b238c7ba
- SSDEEP
  
  3072:jChJgYMm4xf9cU9KQ2BxA59SPM/Oorn2JzE:vYMm4xiWKQ2BiCMszE
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2