c4261fa7e40e1be389cfc1278792e89020d9660a46c88ade187beef0405910c8 | Triage

Sharing

General

Target

c4261fa7e40e1be389cfc1278792e89020d9660a46c88ade187beef0405910c8
Size

46KB
Sample

240409-clwnrseh5z
MD5

86e5a136186cff25661ee485a7cd4dcf
SHA1

1e2b95ffcc1e70014cf787578e85abcf07230aad
SHA256

c4261fa7e40e1be389cfc1278792e89020d9660a46c88ade187beef0405910c8
SHA512

cd2cde25b1c3b2f4297b409a4c8f7a60249c03ff88fc5c2ef50bb26d8922b5d0db1563821d462e39a3d85cbd39351c6bee04e050ca3ae4e8fe6efc3286ea8f4f
SSDEEP

768:6zQYScGrIubHuYtv0xwYHw5FAe2Qxncwx8Nwv92emBevS68:8QTIubHR5wQxAyFvSh

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  c4261fa7e40e1be389cfc1278792e89020d9660a46c88ade187beef0405910c8
- Size
  
  46KB
- MD5
  
  86e5a136186cff25661ee485a7cd4dcf
- SHA1
  
  1e2b95ffcc1e70014cf787578e85abcf07230aad
- SHA256
  
  c4261fa7e40e1be389cfc1278792e89020d9660a46c88ade187beef0405910c8
- SHA512
  
  cd2cde25b1c3b2f4297b409a4c8f7a60249c03ff88fc5c2ef50bb26d8922b5d0db1563821d462e39a3d85cbd39351c6bee04e050ca3ae4e8fe6efc3286ea8f4f
- SSDEEP
  
  768:6zQYScGrIubHuYtv0xwYHw5FAe2Qxncwx8Nwv92emBevS68:8QTIubHR5wQxAyFvSh
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2