08a036244da521e3d27dd1ec9e32f49c599781f85b83391f57d965de829dc12a | Triage

Sharing

General

Target

2e9e752eb5829cd16d71a52eebd302c0N.exe
Size

96KB
Sample

240817-hv8mksshqe
MD5

2e9e752eb5829cd16d71a52eebd302c0
SHA1

9aa59c56ee3008b2a302770cce3c138627342d9f
SHA256

08a036244da521e3d27dd1ec9e32f49c599781f85b83391f57d965de829dc12a
SHA512

7af11054ee681f7294706e05da55fb934a7f4d89d63c41676c9d81757b60e25fb8b89fcdcbda0dd3905206744aae8b1b3bca483121282e2f0483c14a9d415b2b
SSDEEP

768:p/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJi+vBU6u7DPQ1TTGfGYc+px:pRsvcdcQjosnvng6uQ1JW

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  2e9e752eb5829cd16d71a52eebd302c0N.exe
- Size
  
  96KB
- MD5
  
  2e9e752eb5829cd16d71a52eebd302c0
- SHA1
  
  9aa59c56ee3008b2a302770cce3c138627342d9f
- SHA256
  
  08a036244da521e3d27dd1ec9e32f49c599781f85b83391f57d965de829dc12a
- SHA512
  
  7af11054ee681f7294706e05da55fb934a7f4d89d63c41676c9d81757b60e25fb8b89fcdcbda0dd3905206744aae8b1b3bca483121282e2f0483c14a9d415b2b
- SSDEEP
  
  768:p/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJi+vBU6u7DPQ1TTGfGYc+px:pRsvcdcQjosnvng6uQ1JW
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2