60466f2e633d503c3fa5dc10a05a7754bbf5540afb6f23ff3c994e3a29dc1ae2 | Triage

Sharing

General

Target

60466f2e633d503c3fa5dc10a05a7754bbf5540afb6f23ff3c994e3a29dc1ae2
Size

75KB
Sample

240707-2q7n9ssdla
MD5

966a001eda473cc07c99395b4d196b64
SHA1

ac0bb6c3af76aa0974cdbaa60b5436b7fe3a75e4
SHA256

60466f2e633d503c3fa5dc10a05a7754bbf5540afb6f23ff3c994e3a29dc1ae2
SHA512

f5aa9dc3af84ed2b8a7a7c5f22daf8bb349ddfa18be1c0f2045cf42f93ce0ca0a2f4237d6e48803c45048fe8e2db72e30b45424e6fcb4be2f987e127ce5800db
SSDEEP

1536:EQTIubHy5wQkNZgHLl7qJc2fiMIRZprDa8ibxBefEc:d4wPNaLlqy2MtDMBIr

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  60466f2e633d503c3fa5dc10a05a7754bbf5540afb6f23ff3c994e3a29dc1ae2
- Size
  
  75KB
- MD5
  
  966a001eda473cc07c99395b4d196b64
- SHA1
  
  ac0bb6c3af76aa0974cdbaa60b5436b7fe3a75e4
- SHA256
  
  60466f2e633d503c3fa5dc10a05a7754bbf5540afb6f23ff3c994e3a29dc1ae2
- SHA512
  
  f5aa9dc3af84ed2b8a7a7c5f22daf8bb349ddfa18be1c0f2045cf42f93ce0ca0a2f4237d6e48803c45048fe8e2db72e30b45424e6fcb4be2f987e127ce5800db
- SSDEEP
  
  1536:EQTIubHy5wQkNZgHLl7qJc2fiMIRZprDa8ibxBefEc:d4wPNaLlqy2MtDMBIr
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2