7e7874986f092097f55dd94acc0223f82ec9dde31560a5c173e55e02ed7dd109 | Triage

Sharing

General

Target

7e7874986f092097f55dd94acc0223f82ec9dde31560a5c173e55e02ed7dd109N
Size

37KB
Sample

240921-sas2haycmq
MD5

649b00a08ba3c68800f374238a4197d0
SHA1

eea905d983e056d644019c2feddc657bb6d00bb8
SHA256

7e7874986f092097f55dd94acc0223f82ec9dde31560a5c173e55e02ed7dd109
SHA512

ad8c50c273eedf6dfe37ee5619fd4d0a771c64dbbfc77647d97ec6e1919c4b88354fd588455202149d106ec7fde935977c527a241b99109e3886f3e590310751
SSDEEP

768:+zQYScGrIubHuYtvdxwYHw5FAe2Q/7ncwxrI:YQTIubHy5wQDPI

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  7e7874986f092097f55dd94acc0223f82ec9dde31560a5c173e55e02ed7dd109N
- Size
  
  37KB
- MD5
  
  649b00a08ba3c68800f374238a4197d0
- SHA1
  
  eea905d983e056d644019c2feddc657bb6d00bb8
- SHA256
  
  7e7874986f092097f55dd94acc0223f82ec9dde31560a5c173e55e02ed7dd109
- SHA512
  
  ad8c50c273eedf6dfe37ee5619fd4d0a771c64dbbfc77647d97ec6e1919c4b88354fd588455202149d106ec7fde935977c527a241b99109e3886f3e590310751
- SSDEEP
  
  768:+zQYScGrIubHuYtvdxwYHw5FAe2Q/7ncwxrI:YQTIubHy5wQDPI
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2