9fd9c1a52b4f85c7602270d2f906dc24997220659996e17997c703e43fbcb3cf | Triage

Sharing

General

Target

9fd9c1a52b4f85c7602270d2f906dc24997220659996e17997c703e43fbcb3cfN
Size

4.7MB
Sample

240920-hns9bathjq
MD5

981d5bce29d26f95fe2fc3ab9a7cae50
SHA1

b81d497b87f9e7f1cd8b0b33f50a10110b77fdbc
SHA256

9fd9c1a52b4f85c7602270d2f906dc24997220659996e17997c703e43fbcb3cf
SHA512

3c27b2a11fb1d8fb72e871c832054f2f5bad8b870453c848e3fb6fea6cca0d823c521cb3cd36afdfe3db16b3e8d99608b8755d51d909dec4cd3d96262ac7e16e
SSDEEP

24576:pviziLeFGI9mrnEWg/zZrBEu8CUVg39YJVu/ny5h4ywk5DBU:Qzs8GiW+Zj8Pg39GVunyf4yva

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  9fd9c1a52b4f85c7602270d2f906dc24997220659996e17997c703e43fbcb3cfN
- Size
  
  4.7MB
- MD5
  
  981d5bce29d26f95fe2fc3ab9a7cae50
- SHA1
  
  b81d497b87f9e7f1cd8b0b33f50a10110b77fdbc
- SHA256
  
  9fd9c1a52b4f85c7602270d2f906dc24997220659996e17997c703e43fbcb3cf
- SHA512
  
  3c27b2a11fb1d8fb72e871c832054f2f5bad8b870453c848e3fb6fea6cca0d823c521cb3cd36afdfe3db16b3e8d99608b8755d51d909dec4cd3d96262ac7e16e
- SSDEEP
  
  24576:pviziLeFGI9mrnEWg/zZrBEu8CUVg39YJVu/ny5h4ywk5DBU:Qzs8GiW+Zj8Pg39GVunyf4yva
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2