3a34dbbcb4ca6059c2b066b8d31494f3847fa02809a377a4f6cf5d5efa1de832 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f1316ad9200e45736fe70d67b7fee1f_JaffaCakes118.exe
Size

45KB
Sample

240505-k3eqksdc2z
MD5

3f1316ad9200e45736fe70d67b7fee1f
SHA1

025267abf944c91617d9df79e3e45a1e6c573d55
SHA256

3a34dbbcb4ca6059c2b066b8d31494f3847fa02809a377a4f6cf5d5efa1de832
SHA512

838f3b8b0059939a62d8816ed467d8aa17e12dda1e4a8347b0bcc785e42932c01d6861587ad216884600eec6b3b70a689d7d6f1fa3a78fb9b5a28c26f605fbf7
SSDEEP

768:zIP5WOMVs4PSV06ymNNC6S7Cm1n2OBGRIWNSE77NPQ1TTGfGYy6KT:zI0OGrOy6NvSpMZVQ1JQKT

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  3f1316ad9200e45736fe70d67b7fee1f_JaffaCakes118.exe
- Size
  
  45KB
- MD5
  
  3f1316ad9200e45736fe70d67b7fee1f
- SHA1
  
  025267abf944c91617d9df79e3e45a1e6c573d55
- SHA256
  
  3a34dbbcb4ca6059c2b066b8d31494f3847fa02809a377a4f6cf5d5efa1de832
- SHA512
  
  838f3b8b0059939a62d8816ed467d8aa17e12dda1e4a8347b0bcc785e42932c01d6861587ad216884600eec6b3b70a689d7d6f1fa3a78fb9b5a28c26f605fbf7
- SSDEEP
  
  768:zIP5WOMVs4PSV06ymNNC6S7Cm1n2OBGRIWNSE77NPQ1TTGfGYy6KT:zI0OGrOy6NvSpMZVQ1JQKT
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2