2ecc067ae4df0251c5c1fb582d0d4855b2561c00577e9b987a5c36d0b8a8caac | Triage

Sharing

General

Target

2ecc067ae4df0251c5c1fb582d0d4855b2561c00577e9b987a5c36d0b8a8caac
Size

261KB
Sample

240422-y4xjnsfg32
MD5

b280a941718b0d6c468b980cf564bc02
SHA1

28aa7dce945a19ddb2b28c8468e55d22ac5d5d81
SHA256

2ecc067ae4df0251c5c1fb582d0d4855b2561c00577e9b987a5c36d0b8a8caac
SHA512

596a5e5ed2ccdccdd247093ac294a88de0a7425781d182480a8e7c7b81745e5e398c2ed9678abc1c79b1a822632139b49fc175edfda0a0938780ae77e5dd5611
SSDEEP

3072:O7BMvaWjzrLXQQJKgmSBAVpet2Ago1lMZ9:saaWjz/gGKgmS+k2ai

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  2ecc067ae4df0251c5c1fb582d0d4855b2561c00577e9b987a5c36d0b8a8caac
- Size
  
  261KB
- MD5
  
  b280a941718b0d6c468b980cf564bc02
- SHA1
  
  28aa7dce945a19ddb2b28c8468e55d22ac5d5d81
- SHA256
  
  2ecc067ae4df0251c5c1fb582d0d4855b2561c00577e9b987a5c36d0b8a8caac
- SHA512
  
  596a5e5ed2ccdccdd247093ac294a88de0a7425781d182480a8e7c7b81745e5e398c2ed9678abc1c79b1a822632139b49fc175edfda0a0938780ae77e5dd5611
- SSDEEP
  
  3072:O7BMvaWjzrLXQQJKgmSBAVpet2Ago1lMZ9:saaWjz/gGKgmS+k2ai
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2