9537bf4b5a6b2e48c0d1c5f3ecf1a1ce5861015aa91ac5f83481a9f215519e8e | Triage

Sharing

General

Target

9537bf4b5a6b2e48c0d1c5f3ecf1a1ce5861015aa91ac5f83481a9f215519e8eN
Size

47KB
Sample

241015-and6dsterf
MD5

866850902cc109999573e2c2afe25e10
SHA1

f3721d929667c2c45c3400191021ff2efaf13837
SHA256

9537bf4b5a6b2e48c0d1c5f3ecf1a1ce5861015aa91ac5f83481a9f215519e8e
SHA512

a736da16c2b8d8ff63fe97259e64f6476a8230f534dd251fec9932eb21cc2cab1bddd2afd55a21c8be5dbbd4e87ef0ce608cbd7ba58a20a8c3694f57dae2cb39
SSDEEP

768:mzQYScGrIubHuYtvdxwYHw5FAe2Q/7ncwx9vMdJTeTXpnHTkGrbHdrzxDvDPT:gQTIubHy5wQDJAejpzkGdxDLr

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  9537bf4b5a6b2e48c0d1c5f3ecf1a1ce5861015aa91ac5f83481a9f215519e8eN
- Size
  
  47KB
- MD5
  
  866850902cc109999573e2c2afe25e10
- SHA1
  
  f3721d929667c2c45c3400191021ff2efaf13837
- SHA256
  
  9537bf4b5a6b2e48c0d1c5f3ecf1a1ce5861015aa91ac5f83481a9f215519e8e
- SHA512
  
  a736da16c2b8d8ff63fe97259e64f6476a8230f534dd251fec9932eb21cc2cab1bddd2afd55a21c8be5dbbd4e87ef0ce608cbd7ba58a20a8c3694f57dae2cb39
- SSDEEP
  
  768:mzQYScGrIubHuYtvdxwYHw5FAe2Q/7ncwx9vMdJTeTXpnHTkGrbHdrzxDvDPT:gQTIubHy5wQDJAejpzkGdxDLr
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2