f4801982a99e42ea218a51482aa4c879e193beca5a73903365209700b86ad156 | Triage

Sharing

General

Target

f4801982a99e42ea218a51482aa4c879e193beca5a73903365209700b86ad156
Size

57KB
Sample

241121-plr2sswqbp
MD5

b8859e8241cd6fa30891d5570da836c3
SHA1

57e329a0e24d3a2f126edcd291e863dfd2f098eb
SHA256

f4801982a99e42ea218a51482aa4c879e193beca5a73903365209700b86ad156
SHA512

3686362784d2941e34a33fb27ae4ff65aac2d2b8e70f3653945645f931c6b26b6681fe35c306c60ee3aa51f86f92a80c3c23dc39c87b1b5cf2316b3fcc4ef3e1
SSDEEP

1536:gQTIubHy5wQDJAejpzkGdxDLbe5vfhvqa3TmR:R4wcZpzNdxDLb6vfhv8R

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  f4801982a99e42ea218a51482aa4c879e193beca5a73903365209700b86ad156
- Size
  
  57KB
- MD5
  
  b8859e8241cd6fa30891d5570da836c3
- SHA1
  
  57e329a0e24d3a2f126edcd291e863dfd2f098eb
- SHA256
  
  f4801982a99e42ea218a51482aa4c879e193beca5a73903365209700b86ad156
- SHA512
  
  3686362784d2941e34a33fb27ae4ff65aac2d2b8e70f3653945645f931c6b26b6681fe35c306c60ee3aa51f86f92a80c3c23dc39c87b1b5cf2316b3fcc4ef3e1
- SSDEEP
  
  1536:gQTIubHy5wQDJAejpzkGdxDLbe5vfhvqa3TmR:R4wcZpzNdxDLb6vfhv8R
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2