f1c578b7fd3703dc7a6a91982ca85f314b6fa60b91532ae0e6ab6d5a344da8ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11f726e33a321d174abe26f2fc7ae76e_JaffaCakes118
Size

182KB
Sample

240504-kramgshb2t
MD5

11f726e33a321d174abe26f2fc7ae76e
SHA1

2184c00fc04e483e58a1ac8f9d2ce648e1b0d416
SHA256

f1c578b7fd3703dc7a6a91982ca85f314b6fa60b91532ae0e6ab6d5a344da8ab
SHA512

50308ed596695f5aebf29557053d5f3933b86cc10763249199bfdbeb71d48ce045a09a3dd6baf326af29213c82724942b1552f336e957fb6e4e31f6f6c50b0ea
SSDEEP

768:r/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLb:rRsvcdcQjosnvnZ6LQ1Eb

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  11f726e33a321d174abe26f2fc7ae76e_JaffaCakes118
- Size
  
  182KB
- MD5
  
  11f726e33a321d174abe26f2fc7ae76e
- SHA1
  
  2184c00fc04e483e58a1ac8f9d2ce648e1b0d416
- SHA256
  
  f1c578b7fd3703dc7a6a91982ca85f314b6fa60b91532ae0e6ab6d5a344da8ab
- SHA512
  
  50308ed596695f5aebf29557053d5f3933b86cc10763249199bfdbeb71d48ce045a09a3dd6baf326af29213c82724942b1552f336e957fb6e4e31f6f6c50b0ea
- SSDEEP
  
  768:r/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLb:rRsvcdcQjosnvnZ6LQ1Eb
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2