8d6ef83c290e549c32ba59da65bcc8f4e10de20189854008f325987ae9f7b461 | Triage

Sharing

General

Target

dfd9c5513c1c04555d274b8e27ca42d0N.exe
Size

306KB
Sample

240907-cfgmnazbmq
MD5

dfd9c5513c1c04555d274b8e27ca42d0
SHA1

1bc606e4212f80b8f802c2cb1bc276ddc32e9075
SHA256

8d6ef83c290e549c32ba59da65bcc8f4e10de20189854008f325987ae9f7b461
SHA512

1f51afef4b7e1fc7078a9101ef0ac09056c4314037777de68eb2e04396f643aa0f80978ae49b470a0159d8668e306f761bbb2d10cbbac1142079259849e22004
SSDEEP

3072:tVHgCc4xGvbwcU9KQ2BBAHmaPxvVo4b5E/g:QCc4xGxWKQ2BonxIg

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  dfd9c5513c1c04555d274b8e27ca42d0N.exe
- Size
  
  306KB
- MD5
  
  dfd9c5513c1c04555d274b8e27ca42d0
- SHA1
  
  1bc606e4212f80b8f802c2cb1bc276ddc32e9075
- SHA256
  
  8d6ef83c290e549c32ba59da65bcc8f4e10de20189854008f325987ae9f7b461
- SHA512
  
  1f51afef4b7e1fc7078a9101ef0ac09056c4314037777de68eb2e04396f643aa0f80978ae49b470a0159d8668e306f761bbb2d10cbbac1142079259849e22004
- SSDEEP
  
  3072:tVHgCc4xGvbwcU9KQ2BBAHmaPxvVo4b5E/g:QCc4xGxWKQ2BonxIg
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2