e9443416d00011834758b53505eda0c87ca2fab5bd8f4d373325575d3abbcd7e | Triage

Sharing

General

Target

e9443416d00011834758b53505eda0c87ca2fab5bd8f4d373325575d3abbcd7e
Size

59KB
Sample

240605-fmblrseg6x
MD5

0a1dda615ca5fe2cff62449ce684ac4a
SHA1

adfea37fe1018971825fb2b6dadd2159570beb03
SHA256

e9443416d00011834758b53505eda0c87ca2fab5bd8f4d373325575d3abbcd7e
SHA512

6cf918d01340400c830c581a3b01dd9af96321b43d13c2a32b75b5d444b9db565034fc6a65d66b311c3d911376a04e7ee82fc77678a51a4956834a16e99d8e6e
SSDEEP

768:9qSqC8+N5ozQQtncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqklDU:9rqfzQQtamN8835mv7CUroqke

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  e9443416d00011834758b53505eda0c87ca2fab5bd8f4d373325575d3abbcd7e
- Size
  
  59KB
- MD5
  
  0a1dda615ca5fe2cff62449ce684ac4a
- SHA1
  
  adfea37fe1018971825fb2b6dadd2159570beb03
- SHA256
  
  e9443416d00011834758b53505eda0c87ca2fab5bd8f4d373325575d3abbcd7e
- SHA512
  
  6cf918d01340400c830c581a3b01dd9af96321b43d13c2a32b75b5d444b9db565034fc6a65d66b311c3d911376a04e7ee82fc77678a51a4956834a16e99d8e6e
- SSDEEP
  
  768:9qSqC8+N5ozQQtncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqklDU:9rqfzQQtamN8835mv7CUroqke
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2