dedc7cbdd28ceb2bfd27f7e7464979ac5985de39eb5decab1a776595e1785865 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dedc7cbdd28ceb2bfd27f7e7464979ac5985de39eb5decab1a776595e1785865N
Size

57KB
Sample

241004-jsyv2awhka
MD5

62759c17be948025234d02101023f4a0
SHA1

e21f5dd4c216ef9eddcd8bb03cde9adae9170a23
SHA256

dedc7cbdd28ceb2bfd27f7e7464979ac5985de39eb5decab1a776595e1785865
SHA512

8d081fd6ed5d27c8872324d3c4ca023ed242bc99f6f77ee24d34fc76b7bde835e5101cf56bf81f004199e2018ee3c10f75da06f8ba37bbb4b3dca002e50d7ede
SSDEEP

1536:gQTIubHy5wQwJAejpzkGdxDLbe5vfhvqa3TmW:R4wXZpzNdxDLb6vfhv8W

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  dedc7cbdd28ceb2bfd27f7e7464979ac5985de39eb5decab1a776595e1785865N
- Size
  
  57KB
- MD5
  
  62759c17be948025234d02101023f4a0
- SHA1
  
  e21f5dd4c216ef9eddcd8bb03cde9adae9170a23
- SHA256
  
  dedc7cbdd28ceb2bfd27f7e7464979ac5985de39eb5decab1a776595e1785865
- SHA512
  
  8d081fd6ed5d27c8872324d3c4ca023ed242bc99f6f77ee24d34fc76b7bde835e5101cf56bf81f004199e2018ee3c10f75da06f8ba37bbb4b3dca002e50d7ede
- SSDEEP
  
  1536:gQTIubHy5wQwJAejpzkGdxDLbe5vfhvqa3TmW:R4wXZpzNdxDLb6vfhv8W
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2