ef07586092381065d4a5351d73e8b075c0cbe55314d7f8264bd6c240839ec59d | Triage

Sharing

General

Target

2ded529aaf8d93abaad120e1bd182f80N
Size

31KB
Sample

240913-ytzw2swcrr
MD5

2ded529aaf8d93abaad120e1bd182f80
SHA1

dab59246b38570d83ba1e5b9e42c7b6521f2367e
SHA256

ef07586092381065d4a5351d73e8b075c0cbe55314d7f8264bd6c240839ec59d
SHA512

81912d957d7e6262da5156873337fcab493ceee160448212e04342c047d207966da356fcf6e829f2502ab92a27ab41d0b1f4a48e2a228f1f89054500328f7c6d
SSDEEP

768:9qSqC8+N5ozQQQncwxWmNXTXrXhutGvhuvv/vvSXrXrXrXrXtNQ1V:9rqfzQQQamNj7p7777dNQf

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  2ded529aaf8d93abaad120e1bd182f80N
- Size
  
  31KB
- MD5
  
  2ded529aaf8d93abaad120e1bd182f80
- SHA1
  
  dab59246b38570d83ba1e5b9e42c7b6521f2367e
- SHA256
  
  ef07586092381065d4a5351d73e8b075c0cbe55314d7f8264bd6c240839ec59d
- SHA512
  
  81912d957d7e6262da5156873337fcab493ceee160448212e04342c047d207966da356fcf6e829f2502ab92a27ab41d0b1f4a48e2a228f1f89054500328f7c6d
- SSDEEP
  
  768:9qSqC8+N5ozQQQncwxWmNXTXrXhutGvhuvv/vvSXrXrXrXrXtNQ1V:9rqfzQQQamNj7p7777dNQf
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2