43ea6239288acbba350606952ad78c912147c42e340890b5c790ce2ba2692cd8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ed8cae2a9ad5ec1367af01c17a88f4a0_JaffaCakes118
Size

196KB
Sample

240411-qxfnksce42
MD5

ed8cae2a9ad5ec1367af01c17a88f4a0
SHA1

cc8966321c642279c7222b0fd148d3156f422062
SHA256

43ea6239288acbba350606952ad78c912147c42e340890b5c790ce2ba2692cd8
SHA512

06cc21fca370f00d2dd821556cb24b007b66b6dab58827d91f62f16817418385a573edce3ced87d293afa3a4bb6269bee2b49c80a8b81ca6cef17b3f1d76f74e
SSDEEP

1536:lvVQb4cLIkN+4Weat2RKLjWlC48Pp9JAcjdHSrow3F+Mm:lvVQLIkLWeaA8KlCph9Erow3fm

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  ed8cae2a9ad5ec1367af01c17a88f4a0_JaffaCakes118
- Size
  
  196KB
- MD5
  
  ed8cae2a9ad5ec1367af01c17a88f4a0
- SHA1
  
  cc8966321c642279c7222b0fd148d3156f422062
- SHA256
  
  43ea6239288acbba350606952ad78c912147c42e340890b5c790ce2ba2692cd8
- SHA512
  
  06cc21fca370f00d2dd821556cb24b007b66b6dab58827d91f62f16817418385a573edce3ced87d293afa3a4bb6269bee2b49c80a8b81ca6cef17b3f1d76f74e
- SSDEEP
  
  1536:lvVQb4cLIkN+4Weat2RKLjWlC48Pp9JAcjdHSrow3F+Mm:lvVQLIkLWeaA8KlCph9Erow3fm
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2