ecdb6e2634d1b661065e23ec0d17f343cdc3bfb8728fb726b0fb53eacafd0987 | Triage

Sharing

General

Target

ecdb6e2634d1b661065e23ec0d17f343cdc3bfb8728fb726b0fb53eacafd0987
Size

60KB
Sample

240912-de1vksxfpk
MD5

b4b15e9f9f3e2a61eb0f2ac2c5c54260
SHA1

c14f78bc224224460355024fab8127d83f3180ad
SHA256

ecdb6e2634d1b661065e23ec0d17f343cdc3bfb8728fb726b0fb53eacafd0987
SHA512

14262e39621be22224bc37a3a31ef4bffaf8e146fae51ca78d940677b4d1d2170f80259ab51093a85a67ba768fd9de36bbe8ff89e3c9d243f119947f1cc7a1ab
SSDEEP

768:9qSqC8+N5ozQQsncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS6qO:9rqfzQQsamN8835mv7CUronO

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  ecdb6e2634d1b661065e23ec0d17f343cdc3bfb8728fb726b0fb53eacafd0987
- Size
  
  60KB
- MD5
  
  b4b15e9f9f3e2a61eb0f2ac2c5c54260
- SHA1
  
  c14f78bc224224460355024fab8127d83f3180ad
- SHA256
  
  ecdb6e2634d1b661065e23ec0d17f343cdc3bfb8728fb726b0fb53eacafd0987
- SHA512
  
  14262e39621be22224bc37a3a31ef4bffaf8e146fae51ca78d940677b4d1d2170f80259ab51093a85a67ba768fd9de36bbe8ff89e3c9d243f119947f1cc7a1ab
- SSDEEP
  
  768:9qSqC8+N5ozQQsncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS6qO:9rqfzQQsamN8835mv7CUronO
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2