27254d558501ac21719efe1bbf7582f72bedc22c79e4bae982c36c145d04c156 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27254d558501ac21719efe1bbf7582f72bedc22c79e4bae982c36c145d04c156
Size

43KB
Sample

240511-yfnxmaha77
MD5

7d2e0dd1d05508b5d0920d235f6dbe31
SHA1

9c9b00da91fdd316bbb625f2e13a4a458cbc7aed
SHA256

27254d558501ac21719efe1bbf7582f72bedc22c79e4bae982c36c145d04c156
SHA512

1d2fe31fac512df23d49b7bb69299a914580ac4b0a44eb28a8a20facce7d1ec1642436d7703754ad74ba38e1e6cae0fc729e139c1b9cf556ebc790fe824db202
SSDEEP

768:qflivXrVKpVhKvtxwYHwVFoeAQdmucwU2AXW4oo:8lqrVKprVuQdut

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  27254d558501ac21719efe1bbf7582f72bedc22c79e4bae982c36c145d04c156
- Size
  
  43KB
- MD5
  
  7d2e0dd1d05508b5d0920d235f6dbe31
- SHA1
  
  9c9b00da91fdd316bbb625f2e13a4a458cbc7aed
- SHA256
  
  27254d558501ac21719efe1bbf7582f72bedc22c79e4bae982c36c145d04c156
- SHA512
  
  1d2fe31fac512df23d49b7bb69299a914580ac4b0a44eb28a8a20facce7d1ec1642436d7703754ad74ba38e1e6cae0fc729e139c1b9cf556ebc790fe824db202
- SSDEEP
  
  768:qflivXrVKpVhKvtxwYHwVFoeAQdmucwU2AXW4oo:8lqrVKprVuQdut
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2