783debd023e67eb110796cb838b34df34c1e7530461e17b0e5fe00dd932c3e63 | Triage

Sharing

General

Target

783debd023e67eb110796cb838b34df34c1e7530461e17b0e5fe00dd932c3e63N
Size

49KB
Sample

240920-dwmpaawfmp
MD5

25ac59a28dac1bcc47776119e22dffc0
SHA1

5b5b96e88f3df5fb65cd13e55165b4659e470b7f
SHA256

783debd023e67eb110796cb838b34df34c1e7530461e17b0e5fe00dd932c3e63
SHA512

d8d717f1c2c3464423a67cd7264d178b1c13ac40f1cd2f5357c866be7f8ccf6bbbf6c992289e8f6cc0ea2bd512b9acd38fa599c68dc106bdc533e0bf5ae2a704
SSDEEP

768:kflivXrVKpVhKvtxwYHwVFoeAQQmucwUKzdlPPKXDbQr8u:alqrVKprVuQQ7z7PgaJ

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  783debd023e67eb110796cb838b34df34c1e7530461e17b0e5fe00dd932c3e63N
- Size
  
  49KB
- MD5
  
  25ac59a28dac1bcc47776119e22dffc0
- SHA1
  
  5b5b96e88f3df5fb65cd13e55165b4659e470b7f
- SHA256
  
  783debd023e67eb110796cb838b34df34c1e7530461e17b0e5fe00dd932c3e63
- SHA512
  
  d8d717f1c2c3464423a67cd7264d178b1c13ac40f1cd2f5357c866be7f8ccf6bbbf6c992289e8f6cc0ea2bd512b9acd38fa599c68dc106bdc533e0bf5ae2a704
- SSDEEP
  
  768:kflivXrVKpVhKvtxwYHwVFoeAQQmucwUKzdlPPKXDbQr8u:alqrVKprVuQQ7z7PgaJ
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2