General
-
Target
7b3704e8fe028afa40f48980165449969d89bf31da1609a58747d2259e4e035d
-
Size
113KB
-
Sample
240424-wdcqgaec2w
-
MD5
ab7cec1db8a33c81725f34cb9900979e
-
SHA1
bd1f9fbc2204ecefb88ba391833c5ec6d2f06b4b
-
SHA256
7b3704e8fe028afa40f48980165449969d89bf31da1609a58747d2259e4e035d
-
SHA512
a2932b57da2684ca59026c1a9cf10cd23ea4a6066ca5aebb70298cd3bf7257bc7cebad19f0af608019970d5e89f3967f290e4ebfe6178de93b4babdb56606f06
-
SSDEEP
768:3x/5inm+cd5rHemPXKqUEphjVuvios1rPr4adL0NqlJMU6wiK1rEKlcIQ1TTGfoS:3xRsvcdCQjosnvnZ6grfQ1b4D
Malware Config
Extracted
Protocol: ftp- Host:
ftp.tripod.com - Port:
21 - Username:
griptoloji - Password:
741852
Targets
-
-
Target
7b3704e8fe028afa40f48980165449969d89bf31da1609a58747d2259e4e035d
-
Size
113KB
-
MD5
ab7cec1db8a33c81725f34cb9900979e
-
SHA1
bd1f9fbc2204ecefb88ba391833c5ec6d2f06b4b
-
SHA256
7b3704e8fe028afa40f48980165449969d89bf31da1609a58747d2259e4e035d
-
SHA512
a2932b57da2684ca59026c1a9cf10cd23ea4a6066ca5aebb70298cd3bf7257bc7cebad19f0af608019970d5e89f3967f290e4ebfe6178de93b4babdb56606f06
-
SSDEEP
768:3x/5inm+cd5rHemPXKqUEphjVuvios1rPr4adL0NqlJMU6wiK1rEKlcIQ1TTGfoS:3xRsvcdCQjosnvnZ6grfQ1b4D
Score10/10-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-