73d05ce4d0373621fb9eced61ba25c3e1574d9471922819da4e494313a0cbd7e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7e4e6401b8d32e1319b8fd8f73155010N.exe
Size

65KB
Sample

240722-jklwhawbnb
MD5

7e4e6401b8d32e1319b8fd8f73155010
SHA1

daa528c7f0058436940519f4f2e83eda07a6e3fb
SHA256

73d05ce4d0373621fb9eced61ba25c3e1574d9471922819da4e494313a0cbd7e
SHA512

0325801d174fbc3282f6d64e7f9b82e5a0bee3405a8036b628afa49db2d06c3197e4bc5641f5302b10b76933439f646df094e4d98fa74ceca9104347aa6d5c22
SSDEEP

768:b/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLp90:bRsvcdcQjosnvnZ6LQ1Ep90

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  7e4e6401b8d32e1319b8fd8f73155010N.exe
- Size
  
  65KB
- MD5
  
  7e4e6401b8d32e1319b8fd8f73155010
- SHA1
  
  daa528c7f0058436940519f4f2e83eda07a6e3fb
- SHA256
  
  73d05ce4d0373621fb9eced61ba25c3e1574d9471922819da4e494313a0cbd7e
- SHA512
  
  0325801d174fbc3282f6d64e7f9b82e5a0bee3405a8036b628afa49db2d06c3197e4bc5641f5302b10b76933439f646df094e4d98fa74ceca9104347aa6d5c22
- SSDEEP
  
  768:b/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLp90:bRsvcdcQjosnvnZ6LQ1Ep90
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2