24981ed32a77b6054a05c4894f03186bb86e8cb6ff34cbc5d387d05a55a5a6d1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ec5a65bda19e87385a410002ed26420N.exe
Size

229KB
Sample

240814-nrc96avcmn
MD5

1ec5a65bda19e87385a410002ed26420
SHA1

f78f6fa09767674150400e9305c9c3417016c79e
SHA256

24981ed32a77b6054a05c4894f03186bb86e8cb6ff34cbc5d387d05a55a5a6d1
SHA512

9ee8d664aa357af3596168f030e14b625445454b0dbf717b87d7cbfd9e4b78dc179ea5a25ffeac5e959fea85f5e34bf3a915ac8f07a9faa1fb6aa64740c374aa
SSDEEP

3072:+VFgCc4xGvbwcU9KQ2BBAHmaPxBVopb5Ec:VCc4xGxWKQ2BonxK

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  1ec5a65bda19e87385a410002ed26420N.exe
- Size
  
  229KB
- MD5
  
  1ec5a65bda19e87385a410002ed26420
- SHA1
  
  f78f6fa09767674150400e9305c9c3417016c79e
- SHA256
  
  24981ed32a77b6054a05c4894f03186bb86e8cb6ff34cbc5d387d05a55a5a6d1
- SHA512
  
  9ee8d664aa357af3596168f030e14b625445454b0dbf717b87d7cbfd9e4b78dc179ea5a25ffeac5e959fea85f5e34bf3a915ac8f07a9faa1fb6aa64740c374aa
- SSDEEP
  
  3072:+VFgCc4xGvbwcU9KQ2BBAHmaPxBVopb5Ec:VCc4xGxWKQ2BonxK
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2