83344b22f5a731593752832643e665958450793396cb7d1b7e24070a4bceb61c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28636536e8570497703f522ac6e41180_NEIKI
Size

261KB
Sample

240508-ygjpasef38
MD5

28636536e8570497703f522ac6e41180
SHA1

27efd4bb0ff89603c1a341609077fb87ec378989
SHA256

83344b22f5a731593752832643e665958450793396cb7d1b7e24070a4bceb61c
SHA512

1d91e52f2bf5b8955d328210957d482321b716122e563e50dff0e2ee412c69666ec1be3d405f6baa70305b67945b1aa6c933656555c0485a2f57168e537e15f7
SSDEEP

1536:P5AiTLOQk4YDtnlN5UL09atT0mBBAragjSvIYFwAmd/o0QpNur:P53mQkJtnP5I09qgmBBAWgjSvwN/o0Wc

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  28636536e8570497703f522ac6e41180_NEIKI
- Size
  
  261KB
- MD5
  
  28636536e8570497703f522ac6e41180
- SHA1
  
  27efd4bb0ff89603c1a341609077fb87ec378989
- SHA256
  
  83344b22f5a731593752832643e665958450793396cb7d1b7e24070a4bceb61c
- SHA512
  
  1d91e52f2bf5b8955d328210957d482321b716122e563e50dff0e2ee412c69666ec1be3d405f6baa70305b67945b1aa6c933656555c0485a2f57168e537e15f7
- SSDEEP
  
  1536:P5AiTLOQk4YDtnlN5UL09atT0mBBAragjSvIYFwAmd/o0QpNur:P53mQkJtnP5I09qgmBBAWgjSvwN/o0Wc
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2