102dfd59166c4c43e467ce0641f1d3046dc353d195c08d964cad84b1b2ba67e9 | Triage

Sharing

General

Target

14ce222f58a5252d8a8edcc01f7cf9d7_JaffaCakes118
Size

64KB
Sample

240627-fzfq9awhmn
MD5

14ce222f58a5252d8a8edcc01f7cf9d7
SHA1

5d1d4a7f3b0e1a0041b193e562f78cf9eb467d27
SHA256

102dfd59166c4c43e467ce0641f1d3046dc353d195c08d964cad84b1b2ba67e9
SHA512

195ae14ce40677ea8fc57361067aa8797a7c3736017661b23d9348e0c2f19d96668922336130d9cf454883e9356819975933d854b5df8c945f9fb948b16fb2e0
SSDEEP

768:A/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLCl:ARsvcdcQjosnvnZ6LQ1Ee

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  14ce222f58a5252d8a8edcc01f7cf9d7_JaffaCakes118
- Size
  
  64KB
- MD5
  
  14ce222f58a5252d8a8edcc01f7cf9d7
- SHA1
  
  5d1d4a7f3b0e1a0041b193e562f78cf9eb467d27
- SHA256
  
  102dfd59166c4c43e467ce0641f1d3046dc353d195c08d964cad84b1b2ba67e9
- SHA512
  
  195ae14ce40677ea8fc57361067aa8797a7c3736017661b23d9348e0c2f19d96668922336130d9cf454883e9356819975933d854b5df8c945f9fb948b16fb2e0
- SSDEEP
  
  768:A/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLCl:ARsvcdcQjosnvnZ6LQ1Ee
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2