6587f9462e8ba3e2556c0b75d9ce8d76178c40efff18733732cb9b290c20ed68 | Triage

Sharing

General

Target

6587f9462e8ba3e2556c0b75d9ce8d76178c40efff18733732cb9b290c20ed68N
Size

36KB
Sample

240920-j6swyaxcpr
MD5

0976b0db8a29bf5fd8ee2caea6b76a20
SHA1

21b3b85d7dcbe566fcfedb8d079b8a0a0a3b61f5
SHA256

6587f9462e8ba3e2556c0b75d9ce8d76178c40efff18733732cb9b290c20ed68
SHA512

3da35d434a9b3a8410bc924d5e14165345b211dadc2d6e12a576efee7fdefef904ecc60a5faf1140fcf8e2ea4653f26bcea0ca1dc38ef763df4da0c00b5e7efd
SSDEEP

768:9qSqC8+N5ozQQkncwxWmNXMX3cX8wtgg/X/zCtgcgCEX8u/vSXrXrXrXrXrXySrc:9rqfzQQkamN88Fr277777S

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  6587f9462e8ba3e2556c0b75d9ce8d76178c40efff18733732cb9b290c20ed68N
- Size
  
  36KB
- MD5
  
  0976b0db8a29bf5fd8ee2caea6b76a20
- SHA1
  
  21b3b85d7dcbe566fcfedb8d079b8a0a0a3b61f5
- SHA256
  
  6587f9462e8ba3e2556c0b75d9ce8d76178c40efff18733732cb9b290c20ed68
- SHA512
  
  3da35d434a9b3a8410bc924d5e14165345b211dadc2d6e12a576efee7fdefef904ecc60a5faf1140fcf8e2ea4653f26bcea0ca1dc38ef763df4da0c00b5e7efd
- SSDEEP
  
  768:9qSqC8+N5ozQQkncwxWmNXMX3cX8wtgg/X/zCtgcgCEX8u/vSXrXrXrXrXrXySrc:9rqfzQQkamN88Fr277777S
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2