a1130ae734e8cf71e5382b5ed26f1c3ff6d2b3aa0c78ecd3372c0c03b0216bd3 | Triage

Sharing

General

Target

07e9027764c0083f1f0fb7a936262acc_JaffaCakes118
Size

274KB
Sample

240429-r41srsde4t
MD5

07e9027764c0083f1f0fb7a936262acc
SHA1

4ccdf6aa3f58a5243e14762d7c682d79317f8b5f
SHA256

a1130ae734e8cf71e5382b5ed26f1c3ff6d2b3aa0c78ecd3372c0c03b0216bd3
SHA512

76f611b98fa3c5904f18a3cf51c2a71b897d7d62370be59241586c22bbac016aa685a7fd2a3ab2a117acd90af11be6c6ddb48d81ea241fe499578a4e356a0eda
SSDEEP

1536:WvVQb4cLIkN+4Weat2RKLjWlC48Pp9JAcj9SrowOmryyDr:WvVQLIkLWeaA8KlCph90rowOmrX

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost12.com
Port:
21
Username:
b12_8082975
Password:
951753zx

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  07e9027764c0083f1f0fb7a936262acc_JaffaCakes118
- Size
  
  274KB
- MD5
  
  07e9027764c0083f1f0fb7a936262acc
- SHA1
  
  4ccdf6aa3f58a5243e14762d7c682d79317f8b5f
- SHA256
  
  a1130ae734e8cf71e5382b5ed26f1c3ff6d2b3aa0c78ecd3372c0c03b0216bd3
- SHA512
  
  76f611b98fa3c5904f18a3cf51c2a71b897d7d62370be59241586c22bbac016aa685a7fd2a3ab2a117acd90af11be6c6ddb48d81ea241fe499578a4e356a0eda
- SSDEEP
  
  1536:WvVQb4cLIkN+4Weat2RKLjWlC48Pp9JAcj9SrowOmryyDr:WvVQLIkLWeaA8KlCph90rowOmrX
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2