cdc9214dd3b086a04dff9f1e497ed55f90dfc02ac4e6d8b076ea2a35dfd66cc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cdc9214dd3b086a04dff9f1e497ed55f90dfc02ac4e6d8b076ea2a35dfd66cc9
Size

46KB
Sample

240824-ep3btstgpk
MD5

bdbbf93e2c50334ac9c1b9aa5e4898a3
SHA1

9b60f8d0f90b6012787efc8516446fe1454cb275
SHA256

cdc9214dd3b086a04dff9f1e497ed55f90dfc02ac4e6d8b076ea2a35dfd66cc9
SHA512

ca050147ccc90df15716051b9b0d6cc7d92baadab4d53c76ca44c8e5c6ba5e01a1e636b99cdbfebbcbe44b6cf75a72a59a24eec7cc4a2bfdee3fcf2b5d8c239d
SSDEEP

768:zIP5WOMVs4PSV06ymNNC6S7Cm1n2OBGRIWNSE77NPQ1TTGfGYi6KT8:zI0OGrOy6NvSpMZVQ1J4KT8

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  cdc9214dd3b086a04dff9f1e497ed55f90dfc02ac4e6d8b076ea2a35dfd66cc9
- Size
  
  46KB
- MD5
  
  bdbbf93e2c50334ac9c1b9aa5e4898a3
- SHA1
  
  9b60f8d0f90b6012787efc8516446fe1454cb275
- SHA256
  
  cdc9214dd3b086a04dff9f1e497ed55f90dfc02ac4e6d8b076ea2a35dfd66cc9
- SHA512
  
  ca050147ccc90df15716051b9b0d6cc7d92baadab4d53c76ca44c8e5c6ba5e01a1e636b99cdbfebbcbe44b6cf75a72a59a24eec7cc4a2bfdee3fcf2b5d8c239d
- SSDEEP
  
  768:zIP5WOMVs4PSV06ymNNC6S7Cm1n2OBGRIWNSE77NPQ1TTGfGYi6KT8:zI0OGrOy6NvSpMZVQ1J4KT8
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2