2724261f606dfebdec2b7ca6e4d5ccb3fb4d5b499fed9dfe7d360c72b30311ee | Triage

Sharing

General

Target

2724261f606dfebdec2b7ca6e4d5ccb3fb4d5b499fed9dfe7d360c72b30311eeN
Size

74KB
Sample

240920-3fca2stgke
MD5

7e602cfa80c7dc0b3dba5757a6b42540
SHA1

ccbca9876103127121b6f5bec04947055a007ab7
SHA256

2724261f606dfebdec2b7ca6e4d5ccb3fb4d5b499fed9dfe7d360c72b30311ee
SHA512

a99f852df9ca5917d7ba11810a181370ab2fcb81edc7bb769dc96233239c735ee138b9d76bacd1f6834d276fcd41e5b01af7e53e27656367f7e1938cd9c2804e
SSDEEP

1536:EQTIubHy5wQ5NZgHLl7qJc2fiMIRZprDa8ibxBeovi:d4wONaLlqy2MtDMBvvi

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  2724261f606dfebdec2b7ca6e4d5ccb3fb4d5b499fed9dfe7d360c72b30311eeN
- Size
  
  74KB
- MD5
  
  7e602cfa80c7dc0b3dba5757a6b42540
- SHA1
  
  ccbca9876103127121b6f5bec04947055a007ab7
- SHA256
  
  2724261f606dfebdec2b7ca6e4d5ccb3fb4d5b499fed9dfe7d360c72b30311ee
- SHA512
  
  a99f852df9ca5917d7ba11810a181370ab2fcb81edc7bb769dc96233239c735ee138b9d76bacd1f6834d276fcd41e5b01af7e53e27656367f7e1938cd9c2804e
- SSDEEP
  
  1536:EQTIubHy5wQ5NZgHLl7qJc2fiMIRZprDa8ibxBeovi:d4wONaLlqy2MtDMBvvi
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2