a2a35f5ec20af4383d33d903da88d938fc3e9551cda8bfb4369a05a944df9c8a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

248ed3af14beef881b0f3efa5256fc9a_JaffaCakes118
Size

204KB
Sample

240704-ekzedavgmh
MD5

248ed3af14beef881b0f3efa5256fc9a
SHA1

f869149a5e5a87d8181a38a2494e3e57f8a72362
SHA256

a2a35f5ec20af4383d33d903da88d938fc3e9551cda8bfb4369a05a944df9c8a
SHA512

f0bb3071e7132b0d7bbb320e02230b3a938accc8bf8b85d83816eed6d9e8ddc181e824ee5531958d7d57148e767f97902ce99e3d7481f7e68cbd54d376af30ba
SSDEEP

3072:EePgCctxGv4QcU9KQ2BBA2waPxhtmol4yR:ACctxGsWKQ2Bx5xvM0

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  248ed3af14beef881b0f3efa5256fc9a_JaffaCakes118
- Size
  
  204KB
- MD5
  
  248ed3af14beef881b0f3efa5256fc9a
- SHA1
  
  f869149a5e5a87d8181a38a2494e3e57f8a72362
- SHA256
  
  a2a35f5ec20af4383d33d903da88d938fc3e9551cda8bfb4369a05a944df9c8a
- SHA512
  
  f0bb3071e7132b0d7bbb320e02230b3a938accc8bf8b85d83816eed6d9e8ddc181e824ee5531958d7d57148e767f97902ce99e3d7481f7e68cbd54d376af30ba
- SSDEEP
  
  3072:EePgCctxGv4QcU9KQ2BBA2waPxhtmol4yR:ACctxGsWKQ2Bx5xvM0
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2