ac833ee9f27d32b1036a1bd4a11382d54eb54deb16b875b72f010938347856de | Triage

Sharing

General

Target

ac833ee9f27d32b1036a1bd4a11382d54eb54deb16b875b72f010938347856de
Size

193KB
Sample

240409-bfdqbsch4y
MD5

bdf53680a5720486a1cd6aca66f3f7c5
SHA1

999b9df4500f229eaf625397b917ea91caf6b6d2
SHA256

ac833ee9f27d32b1036a1bd4a11382d54eb54deb16b875b72f010938347856de
SHA512

e84a53103d1750aa373b1ed112b445f4ed05c232758224e2d4317f2f47c1f53ed80ebc6e62bd7e357d760f99c24e09607b05c36824e8a4dbad613a4f8de604ca
SSDEEP

1536:zvVQb4cLIkN+4Weat2RKLjWlC48Pp9JAcjdoSrowTFOi+:zvVQLIkLWeaA8KlCph9TrowT47

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  ac833ee9f27d32b1036a1bd4a11382d54eb54deb16b875b72f010938347856de
- Size
  
  193KB
- MD5
  
  bdf53680a5720486a1cd6aca66f3f7c5
- SHA1
  
  999b9df4500f229eaf625397b917ea91caf6b6d2
- SHA256
  
  ac833ee9f27d32b1036a1bd4a11382d54eb54deb16b875b72f010938347856de
- SHA512
  
  e84a53103d1750aa373b1ed112b445f4ed05c232758224e2d4317f2f47c1f53ed80ebc6e62bd7e357d760f99c24e09607b05c36824e8a4dbad613a4f8de604ca
- SSDEEP
  
  1536:zvVQb4cLIkN+4Weat2RKLjWlC48Pp9JAcjdoSrowTFOi+:zvVQLIkLWeaA8KlCph9TrowT47
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2