16b08c0104886929266581697fed1c24ac6eb342f571fd5ec4b06b695f48a58d | Triage

Sharing

General

Target

f94ce2384f23a8c30edf04d40404d610N
Size

96KB
Sample

240913-asvnyavbnb
MD5

f94ce2384f23a8c30edf04d40404d610
SHA1

fe2aa8541542b09e2bbbbf443071269804743d89
SHA256

16b08c0104886929266581697fed1c24ac6eb342f571fd5ec4b06b695f48a58d
SHA512

7cf80dbb492c54253c6b5512d4af4a98349db30a521519ec195be524bb2441b8c1cfce54ea31387e5540f6e646797ebdf0041465cabdb033e5e062fb7248141e
SSDEEP

768:3/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJi+vBU6g7DPQ1TTGfGYeWXM:3RsvcdcQjosnvng6UQ1JD

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  f94ce2384f23a8c30edf04d40404d610N
- Size
  
  96KB
- MD5
  
  f94ce2384f23a8c30edf04d40404d610
- SHA1
  
  fe2aa8541542b09e2bbbbf443071269804743d89
- SHA256
  
  16b08c0104886929266581697fed1c24ac6eb342f571fd5ec4b06b695f48a58d
- SHA512
  
  7cf80dbb492c54253c6b5512d4af4a98349db30a521519ec195be524bb2441b8c1cfce54ea31387e5540f6e646797ebdf0041465cabdb033e5e062fb7248141e
- SSDEEP
  
  768:3/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJi+vBU6g7DPQ1TTGfGYeWXM:3RsvcdcQjosnvng6UQ1JD
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2