General

  • Target: e77a27f6d73ff7dbda33e2f5626780e3d4b2970d963bc3a39c99e342e2fed2f1
  • Size: 426KB
  • Sample: 240919-dghf1sxfnr
  • MD5: 14ed52244ba52b22ff41c5f4151f5cd9
  • SHA1: 5d42699e068a29b6f022b99f926ea27a57fd2eac
  • SHA256: e77a27f6d73ff7dbda33e2f5626780e3d4b2970d963bc3a39c99e342e2fed2f1
  • SHA512: 6e3ca679b1b00462cf71a9ce6fdfe597d209b50c4a4796f928ca5791a1a03f624c0dea8ed2c088bf121f28170e621eece8b8478e54ad7e92a3e4129f09e0e86b
  • SSDEEP: 1536:SwQgHSLYUWjzlZLXf4QJpUT0mSBAgapetc8o/KdgofQGuG3gvh1nwsq:SBIS3WjzrLXQQJKgmSBAVpet2AgoflH

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks