3b10cb7d04670ff32b719bc74ff881634c66af03be6ae43f349ee2e5d00f2777 | Triage

Sharing

General

Target

caf55e8b0e9c865a45101cf7331ffd60N.exe
Size

61KB
Sample

240820-ltdycsyhqk
MD5

caf55e8b0e9c865a45101cf7331ffd60
SHA1

a9a7666c829103d8668ff2811213d444e1bcfe4a
SHA256

3b10cb7d04670ff32b719bc74ff881634c66af03be6ae43f349ee2e5d00f2777
SHA512

eb654543f6690f5b28d29dabebcf02e943ae90a8b97c33fa74138f816570fab31ed9e26767dd461665c13d96ceb15b7db7a56cf535e058d8bfed36263d398e2b
SSDEEP

768:6zQYScGrIubHuYtv0xwYHw5FAe2Q2ncwx8Nwv92g3iVS77DeJRe:8QTIubHR5wQ2Ac3iVS77me

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  caf55e8b0e9c865a45101cf7331ffd60N.exe
- Size
  
  61KB
- MD5
  
  caf55e8b0e9c865a45101cf7331ffd60
- SHA1
  
  a9a7666c829103d8668ff2811213d444e1bcfe4a
- SHA256
  
  3b10cb7d04670ff32b719bc74ff881634c66af03be6ae43f349ee2e5d00f2777
- SHA512
  
  eb654543f6690f5b28d29dabebcf02e943ae90a8b97c33fa74138f816570fab31ed9e26767dd461665c13d96ceb15b7db7a56cf535e058d8bfed36263d398e2b
- SSDEEP
  
  768:6zQYScGrIubHuYtv0xwYHw5FAe2Q2ncwx8Nwv92g3iVS77DeJRe:8QTIubHR5wQ2Ac3iVS77me
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2