f36d13f90cd80eb9f3dfca77688edbe55032f346cdba72f63387fbaf2dda0614 | Triage

Sharing

General

Target

f36d13f90cd80eb9f3dfca77688edbe55032f346cdba72f63387fbaf2dda0614
Size

209KB
Sample

241121-n572pawpbn
MD5

3caaa1a58203e358ba03fb3ac991f210
SHA1

231a091e317e6b410aed4d3e336029a3b2a13d0c
SHA256

f36d13f90cd80eb9f3dfca77688edbe55032f346cdba72f63387fbaf2dda0614
SHA512

25da08955b2a9a291fe68332a177f52974024fbb571c2172ac85c2413eebfce20d8477fa2ace0b0d6deca390e67ca4a0f5779f709403d61960b9f596eab3bc7e
SSDEEP

3072:zVHgCc4xGvbwcU9KQ2BBAHmaPxiVo2b5Euk:aCc4xGxWKQ2BonxIk

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  f36d13f90cd80eb9f3dfca77688edbe55032f346cdba72f63387fbaf2dda0614
- Size
  
  209KB
- MD5
  
  3caaa1a58203e358ba03fb3ac991f210
- SHA1
  
  231a091e317e6b410aed4d3e336029a3b2a13d0c
- SHA256
  
  f36d13f90cd80eb9f3dfca77688edbe55032f346cdba72f63387fbaf2dda0614
- SHA512
  
  25da08955b2a9a291fe68332a177f52974024fbb571c2172ac85c2413eebfce20d8477fa2ace0b0d6deca390e67ca4a0f5779f709403d61960b9f596eab3bc7e
- SSDEEP
  
  3072:zVHgCc4xGvbwcU9KQ2BBAHmaPxiVo2b5Euk:aCc4xGxWKQ2BonxIk
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2