b8edbc41a318fc44ec8ad7fe39a870209404c90a31df2469eaccf2c4e2040ab1 | Triage

Sharing

General

Target

b8edbc41a318fc44ec8ad7fe39a870209404c90a31df2469eaccf2c4e2040ab1.exe
Size

197KB
Sample

241122-j45sqaxkgv
MD5

e04a6c9125b982efc1b4a2270a9c1ba6
SHA1

48e92669ec528cf17179364e6fb60d1efbdd1bc9
SHA256

b8edbc41a318fc44ec8ad7fe39a870209404c90a31df2469eaccf2c4e2040ab1
SHA512

db2a121d570db6e7b5593d4e8a0e84b6ef0d7ec639056bef421407cc828f8bfcc89c1503c7b0f14c71f8ce0921ccddff5dc36df6ecb26198be0876b50505d240
SSDEEP

1536:7vVQb4cLIkN+4Weat2RKLjWlC48Pp9JAcjdPSrowvi+Mtp:7vVQLIkLWeaA8KlCph98rowvQtp

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost12.com
Port:
21
Username:
b12_8082975
Password:
951753zx

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  b8edbc41a318fc44ec8ad7fe39a870209404c90a31df2469eaccf2c4e2040ab1.exe
- Size
  
  197KB
- MD5
  
  e04a6c9125b982efc1b4a2270a9c1ba6
- SHA1
  
  48e92669ec528cf17179364e6fb60d1efbdd1bc9
- SHA256
  
  b8edbc41a318fc44ec8ad7fe39a870209404c90a31df2469eaccf2c4e2040ab1
- SHA512
  
  db2a121d570db6e7b5593d4e8a0e84b6ef0d7ec639056bef421407cc828f8bfcc89c1503c7b0f14c71f8ce0921ccddff5dc36df6ecb26198be0876b50505d240
- SSDEEP
  
  1536:7vVQb4cLIkN+4Weat2RKLjWlC48Pp9JAcjdPSrowvi+Mtp:7vVQLIkLWeaA8KlCph98rowvQtp
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2