d6efb5e23cd8124846e34b9adf07e1f12b1e2f06d5a5f7c05b712b26d4c71709 | Triage

Sharing

General

Target

NEAS.d8362873ab63b6d1228a8b981b16fa1f.exe
Size

145KB
Sample

231117-vgz5habd56
MD5

d8362873ab63b6d1228a8b981b16fa1f
SHA1

9b1872d88a7dabbc6ea63c67e3f9b064b3b98e82
SHA256

d6efb5e23cd8124846e34b9adf07e1f12b1e2f06d5a5f7c05b712b26d4c71709
SHA512

8abd8ab4446d9b273d2324f19379633f1d21ae928224191a3f22043f1cc5dd3d18149de03dde8f90fbc4d9f95374285e91891d2e58108f282ba93320783e846a
SSDEEP

768:P/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfL/G:PRsvcdcQjosnvnZ6LQ1E/G

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  NEAS.d8362873ab63b6d1228a8b981b16fa1f.exe
- Size
  
  145KB
- MD5
  
  d8362873ab63b6d1228a8b981b16fa1f
- SHA1
  
  9b1872d88a7dabbc6ea63c67e3f9b064b3b98e82
- SHA256
  
  d6efb5e23cd8124846e34b9adf07e1f12b1e2f06d5a5f7c05b712b26d4c71709
- SHA512
  
  8abd8ab4446d9b273d2324f19379633f1d21ae928224191a3f22043f1cc5dd3d18149de03dde8f90fbc4d9f95374285e91891d2e58108f282ba93320783e846a
- SSDEEP
  
  768:P/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfL/G:PRsvcdcQjosnvnZ6LQ1E/G
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2