General

  • Target

    5f98120e0a18643f4a6d6a0fb74686924999c6e948cdc1f5ae94f0280704cfb7

  • Size

    96KB

  • Sample

    241109-2p6qkssrdv

  • MD5

    45e3bba0c6d340ff971489e81a3e1c96

  • SHA1

    e7e87647f991ad93b98ae72abe8876b57dc9261c

  • SHA256

    5f98120e0a18643f4a6d6a0fb74686924999c6e948cdc1f5ae94f0280704cfb7

  • SHA512

    f143cba8a30d0bc81702c4e2236f57e6de107d29e5a7daff78d77c955a7247eb3641b7e17f99d45d68387caa62b0f00c6152560ae521fa40ce8b3b586189e13b

  • SSDEEP

    768:3/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJi+vBU6g7DPQ1TTGfGYeWXk:3RsvcdcQjosnvng6UQ1JN

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    griptoloji
  • Password:
    741852

Targets

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks