General
-
Target
57606f7e771a7470d6b39268eae5426f31b0b8eb8731f05c176af6a2c2aca2e9
-
Size
41KB
-
Sample
240501-1st1hsha3z
-
MD5
58446d2e8ffbbc9e2e7899a997f79dcf
-
SHA1
6a4d47e1b1aa88755224928963a46b81bee5ee18
-
SHA256
57606f7e771a7470d6b39268eae5426f31b0b8eb8731f05c176af6a2c2aca2e9
-
SHA512
a4644a6e77229117f3861f9d7b80d064397e889f24852ccde432852e4581eba4d31d163d6966a7b5eb909c5ff47350aeac8c2971ac9ed60cf8002dd16506121a
-
SSDEEP
768:xIP5WOMVs4PSV06ymNNC6S7Cm1n2OBGRIWNSE77DPQ1TTGfGYhP:xI0OGrOy6NvSpMZrQ1JO
Malware Config
Extracted
Protocol: ftp- Host:
ftp.tripod.com - Port:
21 - Username:
griptoloji - Password:
741852
Targets
-
-
Target
57606f7e771a7470d6b39268eae5426f31b0b8eb8731f05c176af6a2c2aca2e9
-
Size
41KB
-
MD5
58446d2e8ffbbc9e2e7899a997f79dcf
-
SHA1
6a4d47e1b1aa88755224928963a46b81bee5ee18
-
SHA256
57606f7e771a7470d6b39268eae5426f31b0b8eb8731f05c176af6a2c2aca2e9
-
SHA512
a4644a6e77229117f3861f9d7b80d064397e889f24852ccde432852e4581eba4d31d163d6966a7b5eb909c5ff47350aeac8c2971ac9ed60cf8002dd16506121a
-
SSDEEP
768:xIP5WOMVs4PSV06ymNNC6S7Cm1n2OBGRIWNSE77DPQ1TTGfGYhP:xI0OGrOy6NvSpMZrQ1JO
Score10/10-
Detects executables built or packed with MPress PE compressor
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-