3ecea067e810448b5ddc167809d1d4c1e11923a6f18bc073768ddd26c6fbdb6a | Triage

Sharing

General

Target

3ecea067e810448b5ddc167809d1d4c1e11923a6f18bc073768ddd26c6fbdb6aN
Size

47KB
Sample

241005-s87mjswejr
MD5

91dc8f7e1309a1422efe4a5090b53db0
SHA1

d70500ada7592c341cf4b8396197baf8f1443117
SHA256

3ecea067e810448b5ddc167809d1d4c1e11923a6f18bc073768ddd26c6fbdb6a
SHA512

5620507e5094feb91710e09c07abc82df8b1a96554d17ef05cecd406299f21d1047b31dc196eb85e5f369c7663c001fdd12c85ddcad1863ae22ebb452daaace8
SSDEEP

768:qflivXrVKpVhKvtxwYHwVFoeAQdmucwU2AXukkrfVb:8lqrVKprVuQdZN

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  3ecea067e810448b5ddc167809d1d4c1e11923a6f18bc073768ddd26c6fbdb6aN
- Size
  
  47KB
- MD5
  
  91dc8f7e1309a1422efe4a5090b53db0
- SHA1
  
  d70500ada7592c341cf4b8396197baf8f1443117
- SHA256
  
  3ecea067e810448b5ddc167809d1d4c1e11923a6f18bc073768ddd26c6fbdb6a
- SHA512
  
  5620507e5094feb91710e09c07abc82df8b1a96554d17ef05cecd406299f21d1047b31dc196eb85e5f369c7663c001fdd12c85ddcad1863ae22ebb452daaace8
- SSDEEP
  
  768:qflivXrVKpVhKvtxwYHwVFoeAQdmucwU2AXukkrfVb:8lqrVKprVuQdZN
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2