991a9fcdae3d21f8c932ac4bf26ecf44e62cd01c0e3d9eec8eb04bf9cfafbd50 | Triage

Sharing

General

Target

991a9fcdae3d21f8c932ac4bf26ecf44e62cd01c0e3d9eec8eb04bf9cfafbd50
Size

46KB
Sample

240818-3scgksvelq
MD5

560af6583ca1c3c5feae967edf0583db
SHA1

03818be480bfe3256a129d752ba4e44a1b568cb1
SHA256

991a9fcdae3d21f8c932ac4bf26ecf44e62cd01c0e3d9eec8eb04bf9cfafbd50
SHA512

d91bff104d2ba3b7ae0ff9dc11641cbefc167ecce3e8f8b55c16d2042f14d65e27627c94d7c889072ca4f4a8937f7e62009877e709a2e0ea09883d964a8a3ae3
SSDEEP

768:9qSqC8+N5ozQQqncwxWmNXMX3cX8tcXmcX8/XrX8/uUj5:9rqfzQQqamN88xjm7c7t

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  991a9fcdae3d21f8c932ac4bf26ecf44e62cd01c0e3d9eec8eb04bf9cfafbd50
- Size
  
  46KB
- MD5
  
  560af6583ca1c3c5feae967edf0583db
- SHA1
  
  03818be480bfe3256a129d752ba4e44a1b568cb1
- SHA256
  
  991a9fcdae3d21f8c932ac4bf26ecf44e62cd01c0e3d9eec8eb04bf9cfafbd50
- SHA512
  
  d91bff104d2ba3b7ae0ff9dc11641cbefc167ecce3e8f8b55c16d2042f14d65e27627c94d7c889072ca4f4a8937f7e62009877e709a2e0ea09883d964a8a3ae3
- SSDEEP
  
  768:9qSqC8+N5ozQQqncwxWmNXMX3cX8tcXmcX8/XrX8/uUj5:9rqfzQQqamN88xjm7c7t
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2