42655948ed667537c31dd23827b9b2449c772afc334991328cf47ad2ba535063 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42655948ed667537c31dd23827b9b2449c772afc334991328cf47ad2ba535063
Size

59KB
Sample

240610-z8pkas1bmd
MD5

35eeb6fd6ed7f519c21979d93c8205cd
SHA1

67613c9ad892ba93b6eed8f62f7364a516cf45ed
SHA256

42655948ed667537c31dd23827b9b2449c772afc334991328cf47ad2ba535063
SHA512

8c765812350efbf54caa3e512057ed0ead87bcf635ee398dfcade675dbdd9cc4b37126c7484cfdb408de64c0d3b7494e5d96048e54862bde7a2e2bc489d52a98
SSDEEP

768:9qSqC8+N5ozQQsncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqkz:9rqfzQQsamN8835mv7CUroqkz

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  42655948ed667537c31dd23827b9b2449c772afc334991328cf47ad2ba535063
- Size
  
  59KB
- MD5
  
  35eeb6fd6ed7f519c21979d93c8205cd
- SHA1
  
  67613c9ad892ba93b6eed8f62f7364a516cf45ed
- SHA256
  
  42655948ed667537c31dd23827b9b2449c772afc334991328cf47ad2ba535063
- SHA512
  
  8c765812350efbf54caa3e512057ed0ead87bcf635ee398dfcade675dbdd9cc4b37126c7484cfdb408de64c0d3b7494e5d96048e54862bde7a2e2bc489d52a98
- SSDEEP
  
  768:9qSqC8+N5ozQQsncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqkz:9rqfzQQsamN8835mv7CUroqkz
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2