4f323773c855596f1d766b674a38d34df90b7942684c8bea52711bd2a007a454 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28458fbb92018581d8f01eafbc214b9b_JaffaCakes118
Size

811KB
Sample

240706-mwtl9syhld
MD5

28458fbb92018581d8f01eafbc214b9b
SHA1

a444ee430a60f4bea3e2e54794a6eed7824ae7ee
SHA256

4f323773c855596f1d766b674a38d34df90b7942684c8bea52711bd2a007a454
SHA512

beaf9c9799f67d554571855a74dbf196df66b61b5d9bfea9ae3d062c2ea84a970fe683f5bc6b9ae828f31b08bc4c25231959e6010fe584428827d0cf889fa648
SSDEEP

768:N+u501UWr+Mcpb8gYXuqAJ1Y+u4dB4puHChRT+WPq0nyiU3ktgXQ1TTGfL:N+u503xQqvH4r+3JirQ1E

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  28458fbb92018581d8f01eafbc214b9b_JaffaCakes118
- Size
  
  811KB
- MD5
  
  28458fbb92018581d8f01eafbc214b9b
- SHA1
  
  a444ee430a60f4bea3e2e54794a6eed7824ae7ee
- SHA256
  
  4f323773c855596f1d766b674a38d34df90b7942684c8bea52711bd2a007a454
- SHA512
  
  beaf9c9799f67d554571855a74dbf196df66b61b5d9bfea9ae3d062c2ea84a970fe683f5bc6b9ae828f31b08bc4c25231959e6010fe584428827d0cf889fa648
- SSDEEP
  
  768:N+u501UWr+Mcpb8gYXuqAJ1Y+u4dB4puHChRT+WPq0nyiU3ktgXQ1TTGfL:N+u503xQqvH4r+3JirQ1E
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2