8d3fe2a3a67d6849f96506ef076709f4041a2e65c8be1666537235f2f5172be4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d3fe2a3a67d6849f96506ef076709f4041a2e65c8be1666537235f2f5172be4
Size

67KB
Sample

240604-ac1v1sea7t
MD5

2dbc171b74fa0a94aceb3f5266469f36
SHA1

da42bc205eb660f47d922be851b0b91c116c640b
SHA256

8d3fe2a3a67d6849f96506ef076709f4041a2e65c8be1666537235f2f5172be4
SHA512

7b1b194c912a721bcb3a5c7380c507d90e7326d60085299ef7d8ee94bc7457ae83edb74562cebde53efba826e93e9fa9778d410b40b587dd88c3b7bf8e1ec115
SSDEEP

1536:CdXkE87nccOtwqsIcGIjAPdrl8RQpFk0cW:uUE87cxtplAKriRWKW

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  8d3fe2a3a67d6849f96506ef076709f4041a2e65c8be1666537235f2f5172be4
- Size
  
  67KB
- MD5
  
  2dbc171b74fa0a94aceb3f5266469f36
- SHA1
  
  da42bc205eb660f47d922be851b0b91c116c640b
- SHA256
  
  8d3fe2a3a67d6849f96506ef076709f4041a2e65c8be1666537235f2f5172be4
- SHA512
  
  7b1b194c912a721bcb3a5c7380c507d90e7326d60085299ef7d8ee94bc7457ae83edb74562cebde53efba826e93e9fa9778d410b40b587dd88c3b7bf8e1ec115
- SSDEEP
  
  1536:CdXkE87nccOtwqsIcGIjAPdrl8RQpFk0cW:uUE87cxtplAKriRWKW
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2