4d727c526e2f94c9109cd8bbfbde320692c452b1d8663decfce1e36e97b84909 | Triage

Sharing

General

Target

091949e6434e5ea276ce2e6bb7e5dea7_JaffaCakes118
Size

237KB
Sample

240430-fwls4adg2v
MD5

091949e6434e5ea276ce2e6bb7e5dea7
SHA1

457ffa391e6b89b80876c1b3586ac69be6772d22
SHA256

4d727c526e2f94c9109cd8bbfbde320692c452b1d8663decfce1e36e97b84909
SHA512

0324fec7a08201eebe738692c6e6f76484d33020a55f963be7debad5912ed8306bf35ea4006f3dbde8918246bcbf212422c1e7b058c4d4dad02b0076fae16c62
SSDEEP

3072:9ePgCctxGv4QcU9KQ2BBA2waPxDtmolNUnJveG1PMg+JdeeJe+Mhl:BCctxGsWKQ2Bx5x55UnJvewyhML

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  091949e6434e5ea276ce2e6bb7e5dea7_JaffaCakes118
- Size
  
  237KB
- MD5
  
  091949e6434e5ea276ce2e6bb7e5dea7
- SHA1
  
  457ffa391e6b89b80876c1b3586ac69be6772d22
- SHA256
  
  4d727c526e2f94c9109cd8bbfbde320692c452b1d8663decfce1e36e97b84909
- SHA512
  
  0324fec7a08201eebe738692c6e6f76484d33020a55f963be7debad5912ed8306bf35ea4006f3dbde8918246bcbf212422c1e7b058c4d4dad02b0076fae16c62
- SSDEEP
  
  3072:9ePgCctxGv4QcU9KQ2BBA2waPxDtmolNUnJveG1PMg+JdeeJe+Mhl:BCctxGsWKQ2Bx5x55UnJvewyhML
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2