e3f05e5e4a6919772ce09a6c0ea6239c12a52224005faa00cd08de72f5d0cc3b | Triage

Sharing

General

Target

e3f05e5e4a6919772ce09a6c0ea6239c12a52224005faa00cd08de72f5d0cc3bN
Size

64KB
Sample

240929-l9whcazbrk
MD5

48fb0dc2ac5b25a90d62a20483363f00
SHA1

32453f8ddd3b5f1642100d5a5d4e82f6253231ad
SHA256

e3f05e5e4a6919772ce09a6c0ea6239c12a52224005faa00cd08de72f5d0cc3b
SHA512

275bd6e431b1fc78a17575e1e0edc5766314ff0bff0ddb10d4ce7dd72ba43cbb001029228b5e3585e716904c55933439c4e3224b8ba94beef4d36c0fa94a68c9
SSDEEP

1536:gQTIubHy5wQkJAejpzkGdxDLw3qMnd1YzHgLj:R4wPZpzNdxDL25Ey

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  e3f05e5e4a6919772ce09a6c0ea6239c12a52224005faa00cd08de72f5d0cc3bN
- Size
  
  64KB
- MD5
  
  48fb0dc2ac5b25a90d62a20483363f00
- SHA1
  
  32453f8ddd3b5f1642100d5a5d4e82f6253231ad
- SHA256
  
  e3f05e5e4a6919772ce09a6c0ea6239c12a52224005faa00cd08de72f5d0cc3b
- SHA512
  
  275bd6e431b1fc78a17575e1e0edc5766314ff0bff0ddb10d4ce7dd72ba43cbb001029228b5e3585e716904c55933439c4e3224b8ba94beef4d36c0fa94a68c9
- SSDEEP
  
  1536:gQTIubHy5wQkJAejpzkGdxDLw3qMnd1YzHgLj:R4wPZpzNdxDL25Ey
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2