32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd.exe
Size

58KB
Sample

240703-drbq8avcne
MD5

eb89431038f850e6c3e7ffad00c57ef0
SHA1

08712520448ebb29de02ba9d90acc93e36bcec61
SHA256

32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd
SHA512

fea3c0f861e4c059577d916e7a617dc6c8e214cd51222ffe49b8c6d7dfd75f9c20c397e6a611ff1dd5f43aad38423faa47d64d91ea1ac98aba798657ab96088c
SSDEEP

768:9qSqC8+N5ozQQRncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS6T:9rqfzQQRamN8835mv7CUroa

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd.exe
- Size
  
  58KB
- MD5
  
  eb89431038f850e6c3e7ffad00c57ef0
- SHA1
  
  08712520448ebb29de02ba9d90acc93e36bcec61
- SHA256
  
  32ae95fc9fec634dc8a1100f42cc4c7d6c85f89448e8e1bfcf6d2e87798fe8bd
- SHA512
  
  fea3c0f861e4c059577d916e7a617dc6c8e214cd51222ffe49b8c6d7dfd75f9c20c397e6a611ff1dd5f43aad38423faa47d64d91ea1ac98aba798657ab96088c
- SSDEEP
  
  768:9qSqC8+N5ozQQRncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS6T:9rqfzQQRamN8835mv7CUroa
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2