3e13f3bc8785bb9ff03b182fac64b4ec5cf3fa6c9dc7ba7953ac632bdd2a9862 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e13f3bc8785bb9ff03b182fac64b4ec5cf3fa6c9dc7ba7953ac632bdd2a9862
Size

61KB
Sample

240601-zajldseb3x
MD5

7f701255b54f1fb039dd91808281696e
SHA1

305345a91a3deb723f4f28b18f54f61dc79f9f29
SHA256

3e13f3bc8785bb9ff03b182fac64b4ec5cf3fa6c9dc7ba7953ac632bdd2a9862
SHA512

92e00783f6813834e41211ca8c30f8944f6eaf6d0502e01e1590f16fe89291256b93639a5eff553d5acc3d6f209bd7434bed744ff05c0b65679222e390e1a72c
SSDEEP

768:9qSqC8+N5ozQQRncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS69Fz:9rqfzQQRamN8835mv7CUro+R

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  3e13f3bc8785bb9ff03b182fac64b4ec5cf3fa6c9dc7ba7953ac632bdd2a9862
- Size
  
  61KB
- MD5
  
  7f701255b54f1fb039dd91808281696e
- SHA1
  
  305345a91a3deb723f4f28b18f54f61dc79f9f29
- SHA256
  
  3e13f3bc8785bb9ff03b182fac64b4ec5cf3fa6c9dc7ba7953ac632bdd2a9862
- SHA512
  
  92e00783f6813834e41211ca8c30f8944f6eaf6d0502e01e1590f16fe89291256b93639a5eff553d5acc3d6f209bd7434bed744ff05c0b65679222e390e1a72c
- SSDEEP
  
  768:9qSqC8+N5ozQQRncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS69Fz:9rqfzQQRamN8835mv7CUro+R
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2