5aa779aa7ea562610af9922f21390bbc2a64cd3f19dafd0e8368ca21337881a8 | Triage

Sharing

General

Target

5aa779aa7ea562610af9922f21390bbc2a64cd3f19dafd0e8368ca21337881a8.exe
Size

368KB
Sample

241122-wghqwsvpav
MD5

4b87b6dce439e6127b0b3b3743ac4a9c
SHA1

bfb8f5aedb0383bb96cc1fd76fdb00cee6340792
SHA256

5aa779aa7ea562610af9922f21390bbc2a64cd3f19dafd0e8368ca21337881a8
SHA512

91c6e7c65217258323b3bb4f2eb040504904457eed21e5405e6c3d8d62d12cddc7f7c3cad6e44bef5a4e2edb70ce66af046a8a8786357bab93c5ae668509be2b
SSDEEP

6144:jVTarW9Q2d/6VPAKovnQUvmmAF7J77777S40XS:jVmrW9HKPGvnQUvmmAF7J77777SnXS

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost12.com
Port:
21
Username:
b12_8082975
Password:
951753zx

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  5aa779aa7ea562610af9922f21390bbc2a64cd3f19dafd0e8368ca21337881a8.exe
- Size
  
  368KB
- MD5
  
  4b87b6dce439e6127b0b3b3743ac4a9c
- SHA1
  
  bfb8f5aedb0383bb96cc1fd76fdb00cee6340792
- SHA256
  
  5aa779aa7ea562610af9922f21390bbc2a64cd3f19dafd0e8368ca21337881a8
- SHA512
  
  91c6e7c65217258323b3bb4f2eb040504904457eed21e5405e6c3d8d62d12cddc7f7c3cad6e44bef5a4e2edb70ce66af046a8a8786357bab93c5ae668509be2b
- SSDEEP
  
  6144:jVTarW9Q2d/6VPAKovnQUvmmAF7J77777S40XS:jVmrW9HKPGvnQUvmmAF7J77777SnXS
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2