6cf652f4dcf8f4835629e61d528b36213c3f73e17590eb2975d915590911c2ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a5e4813216a7cefd165c30eec8f3f570N.exe
Size

37KB
Sample

240805-sqdlrazdnr
MD5

a5e4813216a7cefd165c30eec8f3f570
SHA1

3921e30be31953ffb7172995935ad0cf6123955a
SHA256

6cf652f4dcf8f4835629e61d528b36213c3f73e17590eb2975d915590911c2ef
SHA512

004fc2cb4f8b39b1e9d21203905429b85a1d39e8773aa68d8ed36bdea1a8893a971d4c2d335ef422f57e6822dc68064b93f9cac2a1e48805a947c2534b5ea2a1
SSDEEP

768:cflivXrVKpVhKvtxwYHwVFoeAQdmucwUmKDvtf:ylqrVKprVuQdnKDFf

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  a5e4813216a7cefd165c30eec8f3f570N.exe
- Size
  
  37KB
- MD5
  
  a5e4813216a7cefd165c30eec8f3f570
- SHA1
  
  3921e30be31953ffb7172995935ad0cf6123955a
- SHA256
  
  6cf652f4dcf8f4835629e61d528b36213c3f73e17590eb2975d915590911c2ef
- SHA512
  
  004fc2cb4f8b39b1e9d21203905429b85a1d39e8773aa68d8ed36bdea1a8893a971d4c2d335ef422f57e6822dc68064b93f9cac2a1e48805a947c2534b5ea2a1
- SSDEEP
  
  768:cflivXrVKpVhKvtxwYHwVFoeAQdmucwUmKDvtf:ylqrVKprVuQdnKDFf
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2