e6f92c960d37b8094faa2dba5dfae5c8053727d019fee960f75412f39311e41b | Triage

Sharing

General

Target

e6f92c960d37b8094faa2dba5dfae5c8053727d019fee960f75412f39311e41b
Size

327KB
Sample

240930-eagftaweqj
MD5

5817244191c939f1c9fffd4ef7727eaa
SHA1

086c07b464feb61639462d8921f282d3a45f29d5
SHA256

e6f92c960d37b8094faa2dba5dfae5c8053727d019fee960f75412f39311e41b
SHA512

0d28fbab562363a3e4a0f5e2205fbff5a61eb3dd07cf7b890861e744ba41c3329814f7e2edb08eb8257ba625619905496f6572b54b0d111f8774729170369b65
SSDEEP

3072:P53mQkJtnP5I09qgmBBAWgjSvwN/ojW5NeboYXN/L3t+kS:NmxJtna2qgmBNgQwbekoN7wn

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  e6f92c960d37b8094faa2dba5dfae5c8053727d019fee960f75412f39311e41b
- Size
  
  327KB
- MD5
  
  5817244191c939f1c9fffd4ef7727eaa
- SHA1
  
  086c07b464feb61639462d8921f282d3a45f29d5
- SHA256
  
  e6f92c960d37b8094faa2dba5dfae5c8053727d019fee960f75412f39311e41b
- SHA512
  
  0d28fbab562363a3e4a0f5e2205fbff5a61eb3dd07cf7b890861e744ba41c3329814f7e2edb08eb8257ba625619905496f6572b54b0d111f8774729170369b65
- SSDEEP
  
  3072:P53mQkJtnP5I09qgmBBAWgjSvwN/ojW5NeboYXN/L3t+kS:NmxJtna2qgmBNgQwbekoN7wn
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2