06797dde9ab6d4a5bde3eede6251f9c9bbcfc11ff76016f9f4f29cbc6cd6e8bb | Triage

Sharing

General

Target

06797dde9ab6d4a5bde3eede6251f9c9bbcfc11ff76016f9f4f29cbc6cd6e8bb
Size

64KB
Sample

241120-x7fjws1rdz
MD5

f0e183b86ab8b9f3dd23614b6f8a887d
SHA1

6927626bae28729ba6635d9daba5a7a4e3f9e0f4
SHA256

06797dde9ab6d4a5bde3eede6251f9c9bbcfc11ff76016f9f4f29cbc6cd6e8bb
SHA512

79c81db5c377089037c7d2ca2bf6c75b15a028e6747504fcca2dacb31023f4ed4096c2f403330186ab8bb1bae822c7530af92841fd6834ba453280f533d9392d
SSDEEP

768:6zQYScGrIubHuYtv0xwYHw5FAe2QQncwx8Nwv92g3iVS77DeJRl05:8QTIubHR5wQQAc3iVS77my5

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  06797dde9ab6d4a5bde3eede6251f9c9bbcfc11ff76016f9f4f29cbc6cd6e8bb
- Size
  
  64KB
- MD5
  
  f0e183b86ab8b9f3dd23614b6f8a887d
- SHA1
  
  6927626bae28729ba6635d9daba5a7a4e3f9e0f4
- SHA256
  
  06797dde9ab6d4a5bde3eede6251f9c9bbcfc11ff76016f9f4f29cbc6cd6e8bb
- SHA512
  
  79c81db5c377089037c7d2ca2bf6c75b15a028e6747504fcca2dacb31023f4ed4096c2f403330186ab8bb1bae822c7530af92841fd6834ba453280f533d9392d
- SSDEEP
  
  768:6zQYScGrIubHuYtv0xwYHw5FAe2QQncwx8Nwv92g3iVS77DeJRl05:8QTIubHR5wQQAc3iVS77my5
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2