General

  • Target

    903731b907e5052d1103a068f61bbde5_JaffaCakes118.exe

  • Size

    330KB

  • Sample

    240505-k8zb6sgg66

  • MD5

    903731b907e5052d1103a068f61bbde5

  • SHA1

    fa0c6dcec3657d62a1173f2453ff1fa9fad0b916

  • SHA256

    b5cec2e723d3963bef9e41b6330e5c9a913bf5a227d9b77c18d2c3f7656f1596

  • SHA512

    49c8ecf30573fbf1cd9fb7bcf16a0e9ec5a61ea92db6ea46d2d68d203dc42295155902acc47d06632eae63a34730dd2368a3347c14ecdb1b8f6e534561f8b3f6

  • SSDEEP

    3072:e53mQjJtnP5I09qgmBBAWgjSvwFV7dbptmM4eeJrDFb4b:emeJtna2qgmBNgQwN1cJHFMb

Score
10/10
upx

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      903731b907e5052d1103a068f61bbde5_JaffaCakes118.exe


    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks