55280be169c9666d74d691a3af6744afa5ad6afd9d2b769346542c593be112b1 | Triage

Sharing

General

Target

0b6610a41f1b7e1b62cbae3e167872a2_JaffaCakes118
Size

37KB
Sample

240624-31zbbayhjb
MD5

0b6610a41f1b7e1b62cbae3e167872a2
SHA1

1954107f25b3eb412278da8deb2551d67911640f
SHA256

55280be169c9666d74d691a3af6744afa5ad6afd9d2b769346542c593be112b1
SHA512

cd1c885bc5d004bceab9b4f609e7d4ab967be11fd9994d32741c683987512e54661a9baee4f6185d1203884beaf3cb892c82f23273a8bc7c7da92fa758a25c32
SSDEEP

768:LhO2hU++jmmFmP39qhhXOHYigASWD1CAns9p5GFnbiFJzuM6rwF:H+++jmmFmP3UHXO4hAS1A4p5GFnbiFrf

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
dickyfish1

Targets

- Target
  
  0b6610a41f1b7e1b62cbae3e167872a2_JaffaCakes118
- Size
  
  37KB
- MD5
  
  0b6610a41f1b7e1b62cbae3e167872a2
- SHA1
  
  1954107f25b3eb412278da8deb2551d67911640f
- SHA256
  
  55280be169c9666d74d691a3af6744afa5ad6afd9d2b769346542c593be112b1
- SHA512
  
  cd1c885bc5d004bceab9b4f609e7d4ab967be11fd9994d32741c683987512e54661a9baee4f6185d1203884beaf3cb892c82f23273a8bc7c7da92fa758a25c32
- SSDEEP
  
  768:LhO2hU++jmmFmP39qhhXOHYigASWD1CAns9p5GFnbiFJzuM6rwF:H+++jmmFmP3UHXO4hAS1A4p5GFnbiFrf
Score

10^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2