60a828dce91a199f720ab96f365be16e704b381eb535985923b2248a800ba0f0 | Triage

Sharing

General

Target

7e914b106544ee25bf3969c31156716b
Size

196KB
Sample

240409-ymk5bage33
MD5

7e914b106544ee25bf3969c31156716b
SHA1

6975e0e86bfe68e43363501e63b0236b7582f799
SHA256

60a828dce91a199f720ab96f365be16e704b381eb535985923b2248a800ba0f0
SHA512

ef4e491b23fe85e01a199419c30df35ef2cb6d05e03b300f0ded7b5ffe7d3bf0a0746ef9face10c9382950e675c3d90bb7cc6cdb143c0b0c7e8d9ba6ec946fd6
SSDEEP

1536:sfVLuTnlTTy9uEGe9t2oKLjWlCu8i9pUJANjUSqoWZQnem:sfVLWlTTbEGe9AJKlCvIUuqoWqnb

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  7e914b106544ee25bf3969c31156716b
- Size
  
  196KB
- MD5
  
  7e914b106544ee25bf3969c31156716b
- SHA1
  
  6975e0e86bfe68e43363501e63b0236b7582f799
- SHA256
  
  60a828dce91a199f720ab96f365be16e704b381eb535985923b2248a800ba0f0
- SHA512
  
  ef4e491b23fe85e01a199419c30df35ef2cb6d05e03b300f0ded7b5ffe7d3bf0a0746ef9face10c9382950e675c3d90bb7cc6cdb143c0b0c7e8d9ba6ec946fd6
- SSDEEP
  
  1536:sfVLuTnlTTy9uEGe9t2oKLjWlCu8i9pUJANjUSqoWZQnem:sfVLWlTTbEGe9AJKlCvIUuqoWqnb
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2