ac6377c59565096414a1dd43c7f1e3b4a91bd170f7f79450067c710716e6b456 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c733e1429cb8c0859265063dcf881de_JaffaCakes118
Size

34KB
Sample

240708-qal7vasfma
MD5

2c733e1429cb8c0859265063dcf881de
SHA1

a60cbced385b4379926a09f5fe58865630c8cfd1
SHA256

ac6377c59565096414a1dd43c7f1e3b4a91bd170f7f79450067c710716e6b456
SHA512

74e85b198836ac56aa6f1cb862e710104c37f1868681a76c25a0b5ce63431009b803e73ea24d7a3d97727fe8c65b39b4e41e6da36941c6fbaeb95cd54a1d2184
SSDEEP

768:cflivXrVKpVhKvtxwYHwVFoeAQQmucwUCsV:ylqrVKprVuQQAV

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  2c733e1429cb8c0859265063dcf881de_JaffaCakes118
- Size
  
  34KB
- MD5
  
  2c733e1429cb8c0859265063dcf881de
- SHA1
  
  a60cbced385b4379926a09f5fe58865630c8cfd1
- SHA256
  
  ac6377c59565096414a1dd43c7f1e3b4a91bd170f7f79450067c710716e6b456
- SHA512
  
  74e85b198836ac56aa6f1cb862e710104c37f1868681a76c25a0b5ce63431009b803e73ea24d7a3d97727fe8c65b39b4e41e6da36941c6fbaeb95cd54a1d2184
- SSDEEP
  
  768:cflivXrVKpVhKvtxwYHwVFoeAQQmucwUCsV:ylqrVKprVuQQAV
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2