General
Target: 5f98120e0a18643f4a6d6a0fb74686924999c6e948cdc1f5ae94f0280704cfb7
Size: 96KB
Sample: 241109-2p6qkssrdv
MD5: 45e3bba0c6d340ff971489e81a3e1c96
SHA1: e7e87647f991ad93b98ae72abe8876b57dc9261c
SHA256: 5f98120e0a18643f4a6d6a0fb74686924999c6e948cdc1f5ae94f0280704cfb7
SHA512: f143cba8a30d0bc81702c4e2236f57e6de107d29e5a7daff78d77c955a7247eb3641b7e17f99d45d68387caa62b0f00c6152560ae521fa40ce8b3b586189e13b
SSDEEP: 768:3/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJi+vBU6g7DPQ1TTGfGYeWXk:3RsvcdcQjosnvng6UQ1JN
Static task: static1
Behavioral task: behavioral1
Sample: 5f98120e0a18643f4a6d6a0fb74686924999c6e948cdc1f5ae94f0280704cfb7.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 5f98120e0a18643f4a6d6a0fb74686924999c6e948cdc1f5ae94f0280704cfb7.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: griptoloji
Password: 741852
Targets
Target
5f98120e0a18643f4a6d6a0fb74686924999c6e948cdc1f5ae94f0280704cfb7
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL