e6a159e516ba717432dfb3e8ec99116a550da0bf252a37703c49d1d3098c9996 | Triage

Sharing

General

Target

NEAS.00132a03b84d5f0b3514547edcc74ec0.exe
Size

252KB
Sample

231117-c1tsqaeg5v
MD5

00132a03b84d5f0b3514547edcc74ec0
SHA1

e89aafd9bede2ed73b83bb18ff3ba88711f68a91
SHA256

e6a159e516ba717432dfb3e8ec99116a550da0bf252a37703c49d1d3098c9996
SHA512

115af219c2af729fd27467146b21addb573f90efdac1689772f9e0657f2e7877cee07935d7f7236b45965f4be54b68615fa0b1eff359fbfb3d489cb85f80f1d8
SSDEEP

3072:afVLWlTTbEGe9AJKlCvIU4qoW1nI5bdLFVgw:cVqdT3GcQ4T7EHVP

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  NEAS.00132a03b84d5f0b3514547edcc74ec0.exe
- Size
  
  252KB
- MD5
  
  00132a03b84d5f0b3514547edcc74ec0
- SHA1
  
  e89aafd9bede2ed73b83bb18ff3ba88711f68a91
- SHA256
  
  e6a159e516ba717432dfb3e8ec99116a550da0bf252a37703c49d1d3098c9996
- SHA512
  
  115af219c2af729fd27467146b21addb573f90efdac1689772f9e0657f2e7877cee07935d7f7236b45965f4be54b68615fa0b1eff359fbfb3d489cb85f80f1d8
- SSDEEP
  
  3072:afVLWlTTbEGe9AJKlCvIU4qoW1nI5bdLFVgw:cVqdT3GcQ4T7EHVP
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2