aea79b5c6dfb7c4d783a8b4f87aae2bc613ec8f264f73734b41836ce79392925 | Triage

Sharing

General

Target

aea79b5c6dfb7c4d783a8b4f87aae2bc613ec8f264f73734b41836ce79392925
Size

47KB
Sample

241120-cxpdtsybqh
MD5

fcdd0431c3cdefc2e1a38d9aae3d63f7
SHA1

8c716d458f2ff0020d3e6be8ac2103ec1ac84327
SHA256

aea79b5c6dfb7c4d783a8b4f87aae2bc613ec8f264f73734b41836ce79392925
SHA512

9c3c1c3a4129308456b974d39fdeac2057b31521c9b4ad9c350299ee7730ccd3d59406cff88f04a5a27be7246310e38b7656587e8961d43a2cd68909389b7a2a
SSDEEP

768:qflivXrVKpVhKvtxwYHwVFoeAQQmucwU2AXukkrc:8lqrVKprVuQQZc

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  aea79b5c6dfb7c4d783a8b4f87aae2bc613ec8f264f73734b41836ce79392925
- Size
  
  47KB
- MD5
  
  fcdd0431c3cdefc2e1a38d9aae3d63f7
- SHA1
  
  8c716d458f2ff0020d3e6be8ac2103ec1ac84327
- SHA256
  
  aea79b5c6dfb7c4d783a8b4f87aae2bc613ec8f264f73734b41836ce79392925
- SHA512
  
  9c3c1c3a4129308456b974d39fdeac2057b31521c9b4ad9c350299ee7730ccd3d59406cff88f04a5a27be7246310e38b7656587e8961d43a2cd68909389b7a2a
- SSDEEP
  
  768:qflivXrVKpVhKvtxwYHwVFoeAQQmucwU2AXukkrc:8lqrVKprVuQQZc
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2