dc0dea4f7ce5dfe4a90233fa55021cf3490459ff81e62ade9142f40c98bdc030 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dc0dea4f7ce5dfe4a90233fa55021cf3490459ff81e62ade9142f40c98bdc030
Size

2.3MB
Sample

240807-d91s3atcra
MD5

c3b4e7eefdb89c031371f7889367476e
SHA1

24e66ad50ef8f2f391593b12a378a0b975e05eed
SHA256

dc0dea4f7ce5dfe4a90233fa55021cf3490459ff81e62ade9142f40c98bdc030
SHA512

daafea80c44ef305e384e252411ce6d1f3bfcf293584bb397bc7e137a0fc3fbeda63d2dd6210043a18d4b5adb8bff19082c7f006b6aa7a16f15bbea4dc116a42
SSDEEP

49152:tcKVDBe/gOs61xz/b1WkHlerfJgQmy2EWsb4AYj8UFop3pAWXryy:iKpBnOs61p5Ip9Ve8UFEXryy

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  dc0dea4f7ce5dfe4a90233fa55021cf3490459ff81e62ade9142f40c98bdc030
- Size
  
  2.3MB
- MD5
  
  c3b4e7eefdb89c031371f7889367476e
- SHA1
  
  24e66ad50ef8f2f391593b12a378a0b975e05eed
- SHA256
  
  dc0dea4f7ce5dfe4a90233fa55021cf3490459ff81e62ade9142f40c98bdc030
- SHA512
  
  daafea80c44ef305e384e252411ce6d1f3bfcf293584bb397bc7e137a0fc3fbeda63d2dd6210043a18d4b5adb8bff19082c7f006b6aa7a16f15bbea4dc116a42
- SSDEEP
  
  49152:tcKVDBe/gOs61xz/b1WkHlerfJgQmy2EWsb4AYj8UFop3pAWXryy:iKpBnOs61p5Ip9Ve8UFEXryy
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2