3bc4f716648025e5952ec49a6adf987f474bca314e05e4a094f56b06f9681614 | Triage

Sharing

General

Target

2f82c470c90bec53cf163b91441d1350N.exe
Size

65KB
Sample

240807-aaj5gsvcmk
MD5

2f82c470c90bec53cf163b91441d1350
SHA1

0994e5ac129312b3cd1aa3fdde1d09356aa3b6bb
SHA256

3bc4f716648025e5952ec49a6adf987f474bca314e05e4a094f56b06f9681614
SHA512

02612ff5c7cfe265d939e7c03a8733e1772bd1a6a4a694f32e5d52b0e057f93f764ec207b935c738dd40b6e828d09793ac0c0bf783b58b6be3950c721e43a74f
SSDEEP

768:b/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLp91:bRsvcdcQjosnvnZ6LQ1Ep91

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  2f82c470c90bec53cf163b91441d1350N.exe
- Size
  
  65KB
- MD5
  
  2f82c470c90bec53cf163b91441d1350
- SHA1
  
  0994e5ac129312b3cd1aa3fdde1d09356aa3b6bb
- SHA256
  
  3bc4f716648025e5952ec49a6adf987f474bca314e05e4a094f56b06f9681614
- SHA512
  
  02612ff5c7cfe265d939e7c03a8733e1772bd1a6a4a694f32e5d52b0e057f93f764ec207b935c738dd40b6e828d09793ac0c0bf783b58b6be3950c721e43a74f
- SSDEEP
  
  768:b/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLp91:bRsvcdcQjosnvnZ6LQ1Ep91
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2