General
-
Target
18e5b02e188d3b4d72a5808bd8055410ff26601aa4953ae4cbd9c482d33a1495N
-
Size
244KB
-
Sample
241031-j9rs2ssqes
-
MD5
7772dd776f6f1dd6c4606d22a3a81170
-
SHA1
872d64d114b9c32d17b707ac6babd9af58602a45
-
SHA256
18e5b02e188d3b4d72a5808bd8055410ff26601aa4953ae4cbd9c482d33a1495
-
SHA512
fb39bfa63761bcc3231e51f0174d3ab4912ae326463f6071d8438035ab41cafde3b697ae803ffa67bd3fb56fa985c325cd10511d02aec9e7bd33e6213cf5483e
-
SSDEEP
1536:dvVte+7YkayZ+OttmxKLjWlSA8Zp5JAJjkrSHoW8MHCCSdCes+N9:dvVteka8+OtAcKlSRz5YHoWlHICt49
Static task
static1
Behavioral task
behavioral1
Sample
18e5b02e188d3b4d72a5808bd8055410ff26601aa4953ae4cbd9c482d33a1495N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
18e5b02e188d3b4d72a5808bd8055410ff26601aa4953ae4cbd9c482d33a1495N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: onthelinux
Password: 741852abc
Extracted
Protocol: ftp
Host: ftp.byethost12.com
Port: 21
Username: b12_8082975
Password: 951753zx
Targets
-
-
Target
18e5b02e188d3b4d72a5808bd8055410ff26601aa4953ae4cbd9c482d33a1495N
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-