2e7e2b430145b75f8c2c28dd0db907019a5d278ce488cc82ccf875433df33c48 | Triage

Sharing

General

Target

virussign.com_5d049dc061483a053d31349dda6ce4a0.vir
Size

58KB
Sample

240528-t15cwsbh4w
MD5

5d049dc061483a053d31349dda6ce4a0
SHA1

ff81ad577ac388542e87000829e425ea3e23e22e
SHA256

2e7e2b430145b75f8c2c28dd0db907019a5d278ce488cc82ccf875433df33c48
SHA512

e00b2c5df4ceb5091572e7a739d67c0ccaffe4ce8b1ace96c5061fb327c68e3a8daed85baac045f3a12bdc826cfaca0494d00f94fca714a85bd84f180180c0a6
SSDEEP

768:9qSqC8+N5ozQQRncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqkl:9rqfzQQRamN8835mv7CUroqkl

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  virussign.com_5d049dc061483a053d31349dda6ce4a0.vir
- Size
  
  58KB
- MD5
  
  5d049dc061483a053d31349dda6ce4a0
- SHA1
  
  ff81ad577ac388542e87000829e425ea3e23e22e
- SHA256
  
  2e7e2b430145b75f8c2c28dd0db907019a5d278ce488cc82ccf875433df33c48
- SHA512
  
  e00b2c5df4ceb5091572e7a739d67c0ccaffe4ce8b1ace96c5061fb327c68e3a8daed85baac045f3a12bdc826cfaca0494d00f94fca714a85bd84f180180c0a6
- SSDEEP
  
  768:9qSqC8+N5ozQQRncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqkl:9rqfzQQRamN8835mv7CUroqkl
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2