General

  • Target

    18e5b02e188d3b4d72a5808bd8055410ff26601aa4953ae4cbd9c482d33a1495N

  • Size

    244KB

  • Sample

    241031-j9rs2ssqes

  • MD5

    7772dd776f6f1dd6c4606d22a3a81170

  • SHA1

    872d64d114b9c32d17b707ac6babd9af58602a45

  • SHA256

    18e5b02e188d3b4d72a5808bd8055410ff26601aa4953ae4cbd9c482d33a1495

  • SHA512

    fb39bfa63761bcc3231e51f0174d3ab4912ae326463f6071d8438035ab41cafde3b697ae803ffa67bd3fb56fa985c325cd10511d02aec9e7bd33e6213cf5483e

  • SSDEEP

    1536:dvVte+7YkayZ+OttmxKLjWlSA8Zp5JAJjkrSHoW8MHCCSdCes+N9:dvVteka8+OtAcKlSRz5YHoWlHICt49

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.byethost12.com
  • Port:
    21
  • Username:
    b12_8082975
  • Password:
    951753zx

Targets

    • Target

      18e5b02e188d3b4d72a5808bd8055410ff26601aa4953ae4cbd9c482d33a1495N

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks