General

  • Target

    d8437a1489f4ccff4387f1ee7a65d8c0N.exe

  • Size

    114KB

  • Sample

    240901-fv63mssdkr

  • MD5

    d8437a1489f4ccff4387f1ee7a65d8c0

  • SHA1

    f55d1f93bd29e397ec56db546122d9556d38c141

  • SHA256

    1c166d92ae70f0b3f8e14fda2634b6ba844b4368ea006a85c7ade03aad4b91a6

  • SHA512

    6058bc021fccff53cb61a7af283ab2c3fb9768c43aed2917fd9a30142a81ba218747e1e454cd7c9524cb9aca7660940572ff661a4d72b8e143f5279cee6dd03e

  • SSDEEP

    768:3x/5inm+cd5rHemPXKqUEphjVuvios1rPr4adL0NqlJMU6wiK1rEKlcIQ1TTGfo5:3xRsvcdCQjosnvnZ6grfQ1b4S

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: ftp.tripod.com
  • Port: 21
  • Username: griptoloji
  • Password: 741852

Targets

    Score
    10/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks