25fbb82c835a300f42e532d6ee96ba247b589a6201385bca4c9118d6f3288668 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25fbb82c835a300f42e532d6ee96ba247b589a6201385bca4c9118d6f3288668
Size

50KB
Sample

240706-yf17ys1flm
MD5

454ee8168e041c79206f7edae00de5d6
SHA1

d51b815dc28d62ef760b2a1892609948958ad3cd
SHA256

25fbb82c835a300f42e532d6ee96ba247b589a6201385bca4c9118d6f3288668
SHA512

86566a9a4d57f602254b3dbd6dcb3ae9351dbfb1c9ba443ddd61b4c620db0dd342e13488da6bc2a097eabdf5ce237aba73ae517cda46a473f02ae13e7df1b942
SSDEEP

768:9qSqC8+N5ozQQRncwxWmNXMX3cX8tcXmcX8/XrX8/uUjyc2:9rqfzQQRamN88xjm7c7Oc2

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  25fbb82c835a300f42e532d6ee96ba247b589a6201385bca4c9118d6f3288668
- Size
  
  50KB
- MD5
  
  454ee8168e041c79206f7edae00de5d6
- SHA1
  
  d51b815dc28d62ef760b2a1892609948958ad3cd
- SHA256
  
  25fbb82c835a300f42e532d6ee96ba247b589a6201385bca4c9118d6f3288668
- SHA512
  
  86566a9a4d57f602254b3dbd6dcb3ae9351dbfb1c9ba443ddd61b4c620db0dd342e13488da6bc2a097eabdf5ce237aba73ae517cda46a473f02ae13e7df1b942
- SSDEEP
  
  768:9qSqC8+N5ozQQRncwxWmNXMX3cX8tcXmcX8/XrX8/uUjyc2:9rqfzQQRamN88xjm7c7Oc2
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2