ebab1ad28ea30596404e02779915763e02f57878b526bc2eabeb4c3b5c1f8ea1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

006684b83b9938c4566cd02bac5b4cdc_JaffaCakes118
Size

196KB
Sample

240619-zgzk7a1bjc
MD5

006684b83b9938c4566cd02bac5b4cdc
SHA1

77d952530c2a98b3b76dea6e02ee28eb0743027a
SHA256

ebab1ad28ea30596404e02779915763e02f57878b526bc2eabeb4c3b5c1f8ea1
SHA512

76b19752fe9dd5ec5c3e83bcfb4c5f3ce2285f7275fc22ca6a7a889e35e387cb8cd337a0675ed8c9a267303e4ea25db8c03e033fd0fcc109ae90f12dba0a45b9
SSDEEP

1536:kXs9wrnUh4d7ygVpn0uv77P11gqu87hhofgzdBr:kXYw4+dGgLn0sP11gqPofgJl

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.alizametal.com.tr
Port:
21
Username:
alizametal.com.tr
Password:
hd611

Extracted

Credentials

Protocol: ftp
Host:
ftp.yesimcopy.com
Port:
21
Username:
yesimcopy1
Password:
825cyf

Targets

- Target
  
  006684b83b9938c4566cd02bac5b4cdc_JaffaCakes118
- Size
  
  196KB
- MD5
  
  006684b83b9938c4566cd02bac5b4cdc
- SHA1
  
  77d952530c2a98b3b76dea6e02ee28eb0743027a
- SHA256
  
  ebab1ad28ea30596404e02779915763e02f57878b526bc2eabeb4c3b5c1f8ea1
- SHA512
  
  76b19752fe9dd5ec5c3e83bcfb4c5f3ce2285f7275fc22ca6a7a889e35e387cb8cd337a0675ed8c9a267303e4ea25db8c03e033fd0fcc109ae90f12dba0a45b9
- SSDEEP
  
  1536:kXs9wrnUh4d7ygVpn0uv77P11gqu87hhofgzdBr:kXYw4+dGgLn0sP11gqPofgJl
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2