21c541bd4bf0ad72d31774e8bfb5668d1138d8e8b986a32abae2ef9801edd588 | Triage

Sharing

General

Target

21c541bd4bf0ad72d31774e8bfb5668d1138d8e8b986a32abae2ef9801edd588N
Size

62KB
Sample

240921-dqdt7asdmg
MD5

aa5145c700f6e6631dd9769e5f9531e0
SHA1

574aac4ac7b47d72b87fab71d2b44b68d8630a09
SHA256

21c541bd4bf0ad72d31774e8bfb5668d1138d8e8b986a32abae2ef9801edd588
SHA512

8ce4790b699daeab9658cc6d06ffb5509c0ddceb868c48101bb683b5a0798e903491ab1a66d96d7972f27cba5712424713aa8768f03953fcf2d5269beb0953c4
SSDEEP

768:9qSqC8+N5ozQQRncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS6wcW:9rqfzQQRamN8835mv7CUroiW

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  21c541bd4bf0ad72d31774e8bfb5668d1138d8e8b986a32abae2ef9801edd588N
- Size
  
  62KB
- MD5
  
  aa5145c700f6e6631dd9769e5f9531e0
- SHA1
  
  574aac4ac7b47d72b87fab71d2b44b68d8630a09
- SHA256
  
  21c541bd4bf0ad72d31774e8bfb5668d1138d8e8b986a32abae2ef9801edd588
- SHA512
  
  8ce4790b699daeab9658cc6d06ffb5509c0ddceb868c48101bb683b5a0798e903491ab1a66d96d7972f27cba5712424713aa8768f03953fcf2d5269beb0953c4
- SSDEEP
  
  768:9qSqC8+N5ozQQRncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtS6wcW:9rqfzQQRamN8835mv7CUroiW
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2