f1bc70f300475f844c0e106a6f9c6e02803ddaee52eec6b58bc193c3c3a8090f | Triage

Sharing

General

Target

f1bc70f300475f844c0e106a6f9c6e02803ddaee52eec6b58bc193c3c3a8090f
Size

58KB
Sample

240819-dszjnsvdqk
MD5

b60b0d88b7197e5fff9e6dc5e582227a
SHA1

97a3eee1c4f06a861357953efa904abfba213679
SHA256

f1bc70f300475f844c0e106a6f9c6e02803ddaee52eec6b58bc193c3c3a8090f
SHA512

6d0f0c4009b1637d961a6e173775ce34d619a15381e103eb1311703f25cdce34e3ad4126a3487024b275cdf72b7160d7d211c9491adfe374e4d4c2a9a47be999
SSDEEP

768:9qSqC8+N5ozQQBncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS6i:9rqfzQQBamN8835mv7CUroL

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  f1bc70f300475f844c0e106a6f9c6e02803ddaee52eec6b58bc193c3c3a8090f
- Size
  
  58KB
- MD5
  
  b60b0d88b7197e5fff9e6dc5e582227a
- SHA1
  
  97a3eee1c4f06a861357953efa904abfba213679
- SHA256
  
  f1bc70f300475f844c0e106a6f9c6e02803ddaee52eec6b58bc193c3c3a8090f
- SHA512
  
  6d0f0c4009b1637d961a6e173775ce34d619a15381e103eb1311703f25cdce34e3ad4126a3487024b275cdf72b7160d7d211c9491adfe374e4d4c2a9a47be999
- SSDEEP
  
  768:9qSqC8+N5ozQQBncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS6i:9rqfzQQBamN8835mv7CUroL
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2