1a15d827597d1b33227e51182e1ec9104fcc8157c2155521f9706393f9256ab6 | Triage

Sharing

General

Target

1a15d827597d1b33227e51182e1ec9104fcc8157c2155521f9706393f9256ab6N
Size

41KB
Sample

240921-fqtlrawflj
MD5

212f7480707764a10379a2b67fcb4330
SHA1

12aebd6743f2efc36af8c65ce78f6926b3254296
SHA256

1a15d827597d1b33227e51182e1ec9104fcc8157c2155521f9706393f9256ab6
SHA512

d2959f9c5443de4c414ac08c35dec18132712a499080717504b20006b4a4f2c8196d1cc1a409b61602ffa7728988e0e232be56af7661e91c1aa27925a0b5352e
SSDEEP

768:NqQoj/dSzNVQ1mDNJWbKEdBMQXQ3Cn4eQQWrcwxzhjPE3LLfu:MQoj/YNJcAQWTZ8bLfu

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  1a15d827597d1b33227e51182e1ec9104fcc8157c2155521f9706393f9256ab6N
- Size
  
  41KB
- MD5
  
  212f7480707764a10379a2b67fcb4330
- SHA1
  
  12aebd6743f2efc36af8c65ce78f6926b3254296
- SHA256
  
  1a15d827597d1b33227e51182e1ec9104fcc8157c2155521f9706393f9256ab6
- SHA512
  
  d2959f9c5443de4c414ac08c35dec18132712a499080717504b20006b4a4f2c8196d1cc1a409b61602ffa7728988e0e232be56af7661e91c1aa27925a0b5352e
- SSDEEP
  
  768:NqQoj/dSzNVQ1mDNJWbKEdBMQXQ3Cn4eQQWrcwxzhjPE3LLfu:MQoj/YNJcAQWTZ8bLfu
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2