2dea2ca6c3ea42cfdcfb3a250384e4ab661496a5b8dbbd194a648a401be1989e | Triage

Sharing

General

Target

2dea2ca6c3ea42cfdcfb3a250384e4ab661496a5b8dbbd194a648a401be1989e
Size

2.5MB
Sample

240522-yv9smseh24
MD5

e7fd7aecb774b78a8ef6f6753d1850f1
SHA1

da9db3340e65dd08378bb76acfabaea299b743fb
SHA256

2dea2ca6c3ea42cfdcfb3a250384e4ab661496a5b8dbbd194a648a401be1989e
SHA512

a33557e0d8fd3d7292e4dfae32df4f3098716ef42cfdd816508b7e4ab709277741a173a1d83e3747a7514f286debfdb5a96113ee5e945a454ce6844cb9ee2e35
SSDEEP

49152:pVKv5Bl8Xc+dOhXuDd93VuDXd+549ixt3LInYXAc/N5bzI2cZ9eJZ:kydlLF8Xs49St3LIYXAc/N5bzIFCJZ

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost6.com
Port:
21
Username:
b6_9261312
Password:
741852

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  2dea2ca6c3ea42cfdcfb3a250384e4ab661496a5b8dbbd194a648a401be1989e
- Size
  
  2.5MB
- MD5
  
  e7fd7aecb774b78a8ef6f6753d1850f1
- SHA1
  
  da9db3340e65dd08378bb76acfabaea299b743fb
- SHA256
  
  2dea2ca6c3ea42cfdcfb3a250384e4ab661496a5b8dbbd194a648a401be1989e
- SHA512
  
  a33557e0d8fd3d7292e4dfae32df4f3098716ef42cfdd816508b7e4ab709277741a173a1d83e3747a7514f286debfdb5a96113ee5e945a454ce6844cb9ee2e35
- SSDEEP
  
  49152:pVKv5Bl8Xc+dOhXuDd93VuDXd+549ixt3LInYXAc/N5bzI2cZ9eJZ:kydlLF8Xs49St3LIYXAc/N5bzIFCJZ
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2