f6276dea425167bc7f697638a405bc0ceaab1c04a7a44170a3bdbce33df44895 | Triage

Sharing

General

Target

faded72e559fc28a11d74a3f499df3f3
Size

205KB
Sample

240409-zhemeaeb4s
MD5

faded72e559fc28a11d74a3f499df3f3
SHA1

aad9220deb05a228b141fbc5fbbece8b8e31c599
SHA256

f6276dea425167bc7f697638a405bc0ceaab1c04a7a44170a3bdbce33df44895
SHA512

4d432c3ccb6d95b1d49cb3adc09fefff339d226a0e1da42b92c1e544707660408e7dd3e78588961d42d4793b83bc0bec11fdb212c9135c9d2be000ec1385875f
SSDEEP

1536:6vVte+DYkayZ+OttmxKLjWlSA8Zp5JAOjGSHoWRsmhZLgY:6vVt6ka8+OtAcKlSRz5ZHoWn3

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  faded72e559fc28a11d74a3f499df3f3
- Size
  
  205KB
- MD5
  
  faded72e559fc28a11d74a3f499df3f3
- SHA1
  
  aad9220deb05a228b141fbc5fbbece8b8e31c599
- SHA256
  
  f6276dea425167bc7f697638a405bc0ceaab1c04a7a44170a3bdbce33df44895
- SHA512
  
  4d432c3ccb6d95b1d49cb3adc09fefff339d226a0e1da42b92c1e544707660408e7dd3e78588961d42d4793b83bc0bec11fdb212c9135c9d2be000ec1385875f
- SSDEEP
  
  1536:6vVte+DYkayZ+OttmxKLjWlSA8Zp5JAOjGSHoWRsmhZLgY:6vVt6ka8+OtAcKlSRz5ZHoWn3
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2