7b92c8170be3c0423300a9e788661afdad8add25f7ebc0095a0a81706f772f36 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a54672463d0d6ed54eb8a640aa68a2e_JaffaCakes118
Size

208KB
Sample

240628-qxr2lsvfkk
MD5

1a54672463d0d6ed54eb8a640aa68a2e
SHA1

4ead236e28971f78587b67d23fea506fad5f9f98
SHA256

7b92c8170be3c0423300a9e788661afdad8add25f7ebc0095a0a81706f772f36
SHA512

64d411fae54ba4f6ebfe4958ea73cb037416f130a12e800bf20a1cf4fb01ab8815074f475dfb13cb30657d4163014478cb67a800f66bc61fb9a8c50e05a8ebb2
SSDEEP

3072:CVHgCc4xGvbwcU9KQ2BBAHmaPxBVokb5EFf:jCc4xGxWKQ2BonxQf

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  1a54672463d0d6ed54eb8a640aa68a2e_JaffaCakes118
- Size
  
  208KB
- MD5
  
  1a54672463d0d6ed54eb8a640aa68a2e
- SHA1
  
  4ead236e28971f78587b67d23fea506fad5f9f98
- SHA256
  
  7b92c8170be3c0423300a9e788661afdad8add25f7ebc0095a0a81706f772f36
- SHA512
  
  64d411fae54ba4f6ebfe4958ea73cb037416f130a12e800bf20a1cf4fb01ab8815074f475dfb13cb30657d4163014478cb67a800f66bc61fb9a8c50e05a8ebb2
- SSDEEP
  
  3072:CVHgCc4xGvbwcU9KQ2BBAHmaPxBVokb5EFf:jCc4xGxWKQ2BonxQf
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2