c2197d294b0bff754524c36d688578607c2c82970255053405230aa898e3a6d4 | Triage

Sharing

General

Target

c2197d294b0bff754524c36d688578607c2c82970255053405230aa898e3a6d4
Size

74KB
Sample

240524-dbzs4saf2t
MD5

388174eeb5348b0dd998153332fd0f50
SHA1

3efc6a00edf83c777aed32cf9256a8df26b6ddc4
SHA256

c2197d294b0bff754524c36d688578607c2c82970255053405230aa898e3a6d4
SHA512

ddd1547fcd057723fdd290a1489f69e869cabfc13e6eaa1ed955b143f130ba6a99d2585fc2b37ec33679a65f6d419ec44e57c98e9921d3e9d68198d76768ccb1
SSDEEP

1536:EQTIubHy5wQiNZgHLl7qJc2fiMIRZprDa8ibxBefES:d4wlNaLlqy2MtDMBIt

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  c2197d294b0bff754524c36d688578607c2c82970255053405230aa898e3a6d4
- Size
  
  74KB
- MD5
  
  388174eeb5348b0dd998153332fd0f50
- SHA1
  
  3efc6a00edf83c777aed32cf9256a8df26b6ddc4
- SHA256
  
  c2197d294b0bff754524c36d688578607c2c82970255053405230aa898e3a6d4
- SHA512
  
  ddd1547fcd057723fdd290a1489f69e869cabfc13e6eaa1ed955b143f130ba6a99d2585fc2b37ec33679a65f6d419ec44e57c98e9921d3e9d68198d76768ccb1
- SSDEEP
  
  1536:EQTIubHy5wQiNZgHLl7qJc2fiMIRZprDa8ibxBefES:d4wlNaLlqy2MtDMBIt
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2