General

  • Target

    1f6e720b9c0b1fc4ac17b08dcd7da970N.exe

  • Size

    54KB

  • Sample

    240901-168e3atgnh

  • MD5

    1f6e720b9c0b1fc4ac17b08dcd7da970

  • SHA1

    08f9d138265301fef3ed3c30a10bbd60d09719df

  • SHA256

    1e49819d007f2488deb5a660dc8f6a2e1e76bf3965b6522e2ecebf961ddf7cf0

  • SHA512

    c15816f036f18887260c7a8b3fa2af0cf9b55d2e113cdb3b0afb22104e59281299fb8ed540f31cc8158efb9c94a1453249ef79c6ca35548e6341960f06278f5d

  • SSDEEP

    1536:4dx1wT5ZpI4YG6kxmxZUUYzkQxQ8IXhEPz:4dbKbYRkxyHmSmPz

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      1f6e720b9c0b1fc4ac17b08dcd7da970N.exe

    Score
    10/10
    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
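
The three signatures above are what a sandbox reports, not how it decides. The following is an added example (not the sandbox's own signature logic and not code from this sample) showing one way the "UPX packed file" verdict can be reproduced offline: parse the PE section table, look for stock UPX section names, and fall back to the characteristic UPX layout (an empty first section that is the unpack target, followed by a near-random compressed section) for renamed "modified UPX" builds. The 7.0 bits-per-byte threshold, the section-name set and the toy PE built by `build_pe` are assumptions for illustration; the constructed samples are not the real 54KB binary.

```python
import math
import random
import struct

# Assumed section names used by stock UPX; renamed builds will not match these.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
HIGH_ENTROPY = 7.0  # assumed threshold (bits/byte); compressed data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, ~8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk MZ -> PE signature -> COFF header -> section table; one dict per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, off)
        raw = pe[rptr:rptr + rsize]
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": rsize,
                         "entropy": shannon_entropy(raw)})
    return sections


def detect_upx(pe: bytes) -> dict:
    """Return a verdict dict; 'packed' is the combined UPX/modified-UPX decision."""
    sections = parse_sections(pe)
    names = {s["name"] for s in sections}
    name_hit = bool(names & UPX_SECTION_NAMES)
    # UPX layout: first section has no raw data but a large virtual size (the
    # in-memory unpack target); the second section carries the compressed blob.
    layout_hit = (len(sections) >= 2 and sections[0]["raw_size"] == 0
                  and sections[0]["virtual_size"] > 0 and sections[1]["raw_size"] > 0)
    entropy_hit = any(s["raw_size"] > 0 and s["entropy"] > HIGH_ENTROPY for s in sections)
    # Renamed builds lose the name hit but keep the layout and entropy hits.
    return {"packed": name_hit or (layout_hit and entropy_hit), "upx_names": name_hit,
            "upx_layout": layout_hit, "high_entropy": entropy_hit, "sections": sections}


def build_pe(sections) -> bytes:
    """Construct a toy PE32 from (name, virtual_size, raw_bytes) tuples. Not loadable;
    only the headers the parser above reads are populated."""
    n = len(sections)
    headers_len = 0x40 + 4 + 20 + 224 + 40 * n
    raw_ptr = (headers_len + 0x1FF) // 0x200 * 0x200  # first raw offset, file-aligned
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222  # PE32 magic, rest zeroed
    table, body, vaddr, ptr = b"", b"", 0x1000, raw_ptr
    for name, vsize, data in sections:
        rsize = len(data)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             rsize, ptr if rsize else 0, 0, 0, 0, 0, 0x60000020)
        body += data
        ptr += rsize
        vaddr += (max(vsize, rsize) + 0xFFF) // 0x1000 * 0x1000
    header = dos + b"PE\0\0" + coff + opt + table
    return header.ljust(raw_ptr, b"\0") + body


# Constructed samples (seeded so the run is deterministic).
_rng = random.Random(0x1F6E)
_blob = bytes(_rng.getrandbits(8) for _ in range(4096))
PACKED_SAMPLE = build_pe([(b"UPX0", 0x20000, b""), (b"UPX1", 0x8000, _blob),
                          (b".rsrc", 0x1000, b"\0" * 512)])
RENAMED_PACKED_SAMPLE = build_pe([(b".text", 0x20000, b""), (b".data", 0x8000, _blob)])
PLAIN_SAMPLE = build_pe([(b".text", 0x1000, b"\x55\x8b\xec\x83\xec\x10\x33\xc0\x5d\xc3" * 100),
                         (b".data", 0x1000, b"Hello from an unpacked toy binary\0" * 30)])

if __name__ == "__main__":
    for label, pe in (("stock UPX", PACKED_SAMPLE), ("renamed UPX", RENAMED_PACKED_SAMPLE),
                      ("unpacked", PLAIN_SAMPLE)):
        v = detect_upx(pe)
        print(label, {k: v[k] for k in ("packed", "upx_names", "upx_layout", "high_entropy")})
```

Run it against the real sample by replacing the constructed buffers with the file bytes; the section-name check alone is enough for a stock build, but a repacked or renamed variant only trips the layout-plus-entropy branch, which is why both are kept.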

MITRE ATT&CK Enterprise v15