702aef58db326b3dca6dd005367887499c85ef6956d5449ea4624f411bd22670 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

702aef58db326b3dca6dd005367887499c85ef6956d5449ea4624f411bd22670
Size

195KB
Sample

240405-2pb6zaed4v
MD5

5b47099d8b3c32c505d8c7ebe4eeef1e
SHA1

a80cf532515af21f91eea288e396283463f7bf2a
SHA256

702aef58db326b3dca6dd005367887499c85ef6956d5449ea4624f411bd22670
SHA512

ce66c2ce83f10bacb6d44210f952bb0c74ead0b829eed28042a1e0c5e6ff24b443111dc1fe33b19ec0fe6846c27c6a2624de4532842445b559029a7812c375b3
SSDEEP

1536:HfVLuTnlTTy9uEGe9t2oKLjWlCu8i9pUJANjiSqoWfQneMe:HfVLWlTTbEGe9AJKlCvIUkqoWInM

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  702aef58db326b3dca6dd005367887499c85ef6956d5449ea4624f411bd22670
- Size
  
  195KB
- MD5
  
  5b47099d8b3c32c505d8c7ebe4eeef1e
- SHA1
  
  a80cf532515af21f91eea288e396283463f7bf2a
- SHA256
  
  702aef58db326b3dca6dd005367887499c85ef6956d5449ea4624f411bd22670
- SHA512
  
  ce66c2ce83f10bacb6d44210f952bb0c74ead0b829eed28042a1e0c5e6ff24b443111dc1fe33b19ec0fe6846c27c6a2624de4532842445b559029a7812c375b3
- SSDEEP
  
  1536:HfVLuTnlTTy9uEGe9t2oKLjWlCu8i9pUJANjiSqoWfQneMe:HfVLWlTTbEGe9AJKlCvIUkqoWInM
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2