6d64452734a1bb641a51f24c68b2276740a299e27c0167c863fe96ec75ddab35 | Triage

Sharing

General

Target

0984bf3ea17556ec9cac91071a617415_JaffaCakes118
Size

260KB
Sample

240430-lh895ahd7v
MD5

0984bf3ea17556ec9cac91071a617415
SHA1

d101abb87efe689068f2fff0d71e766cb1941e07
SHA256

6d64452734a1bb641a51f24c68b2276740a299e27c0167c863fe96ec75ddab35
SHA512

92baee9ae9258e0a658b387e14586ee196a552154beb1ea58b682e60ba40381894bce354947711ed9c610bcfc6eb9223e01929eb8593f4f3a955fdcc593bb737
SSDEEP

3072:cBlvaWjzrLXQQJKgmSBAVpet2ngoel4WWI+OXKWI438:8paWjz/gGKgmS+k2i1W/+7e

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  0984bf3ea17556ec9cac91071a617415_JaffaCakes118
- Size
  
  260KB
- MD5
  
  0984bf3ea17556ec9cac91071a617415
- SHA1
  
  d101abb87efe689068f2fff0d71e766cb1941e07
- SHA256
  
  6d64452734a1bb641a51f24c68b2276740a299e27c0167c863fe96ec75ddab35
- SHA512
  
  92baee9ae9258e0a658b387e14586ee196a552154beb1ea58b682e60ba40381894bce354947711ed9c610bcfc6eb9223e01929eb8593f4f3a955fdcc593bb737
- SSDEEP
  
  3072:cBlvaWjzrLXQQJKgmSBAVpet2ngoel4WWI+OXKWI438:8paWjz/gGKgmS+k2i1W/+7e
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2