6434f68c677ed3d9ecf60cf3895c4bdf0d2a2761d497d8490ecd7767acf20a0b | Triage

Sharing

General

Target

6434f68c677ed3d9ecf60cf3895c4bdf0d2a2761d497d8490ecd7767acf20a0b
Size

338KB
Sample

240422-2seq9shd8x
MD5

bdcb97c4b014c370560571f3c4e101ae
SHA1

23c25b0f8b17a11f7a686b4af4f8e071ebc78b83
SHA256

6434f68c677ed3d9ecf60cf3895c4bdf0d2a2761d497d8490ecd7767acf20a0b
SHA512

aa93e174ed7b226dcb9aae7f8e36de3cf3a2f0b5fe6c652e02e49d338dd108a7abe4ea9789092cb4731c02d5563eca1ead49f1eb0c7d1faddceb6b84fff83b87
SSDEEP

3072:N53mQ7JtnP5I09qgmBBAWgjSvwx/o0WBAYEQ3/AeohItgs6CFtIaxv8gD8Lll0Qo:bmKJtna2qgmBNgQwwAw/SItgtwt0p5bM

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  6434f68c677ed3d9ecf60cf3895c4bdf0d2a2761d497d8490ecd7767acf20a0b
- Size
  
  338KB
- MD5
  
  bdcb97c4b014c370560571f3c4e101ae
- SHA1
  
  23c25b0f8b17a11f7a686b4af4f8e071ebc78b83
- SHA256
  
  6434f68c677ed3d9ecf60cf3895c4bdf0d2a2761d497d8490ecd7767acf20a0b
- SHA512
  
  aa93e174ed7b226dcb9aae7f8e36de3cf3a2f0b5fe6c652e02e49d338dd108a7abe4ea9789092cb4731c02d5563eca1ead49f1eb0c7d1faddceb6b84fff83b87
- SSDEEP
  
  3072:N53mQ7JtnP5I09qgmBBAWgjSvwx/o0WBAYEQ3/AeohItgs6CFtIaxv8gD8Lll0Qo:bmKJtna2qgmBNgQwwAw/SItgtwt0p5bM
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2