d2a4851d8a7d8957de78ed736ae1b93bba0db931908b80edadda3472f4a76601 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a0dca68105af5e124481fb400876950N.exe
Size

449KB
Sample

240727-1zk17athpb
MD5

0a0dca68105af5e124481fb400876950
SHA1

5ef9508515fdc0416a16ff5d668c4535dd90cbfe
SHA256

d2a4851d8a7d8957de78ed736ae1b93bba0db931908b80edadda3472f4a76601
SHA512

c8df7afbf85683963247591da0f16c3b99799619374e87bfca25c79d6d82bef5322d8095c00492d7c6aa0ce4e1247dac929fb000c0b7c731fcc6818b8ad8f0ab
SSDEEP

12288:ZK4naUrLNJZ+1bTvcxxVQR0xqCjTZtTy8SRFTpxr:s4nVRJgpvRqDjTjy8SRFfr

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  0a0dca68105af5e124481fb400876950N.exe
- Size
  
  449KB
- MD5
  
  0a0dca68105af5e124481fb400876950
- SHA1
  
  5ef9508515fdc0416a16ff5d668c4535dd90cbfe
- SHA256
  
  d2a4851d8a7d8957de78ed736ae1b93bba0db931908b80edadda3472f4a76601
- SHA512
  
  c8df7afbf85683963247591da0f16c3b99799619374e87bfca25c79d6d82bef5322d8095c00492d7c6aa0ce4e1247dac929fb000c0b7c731fcc6818b8ad8f0ab
- SSDEEP
  
  12288:ZK4naUrLNJZ+1bTvcxxVQR0xqCjTZtTy8SRFTpxr:s4nVRJgpvRqDjTjy8SRFfr
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2