1307a73595fae3de07d67aba79589c946d687efe642a52f88658c605eefaeedb | Triage

Sharing

General

Target

325a6a127999d868c56e214124d226ce_JaffaCakes118
Size

196KB
Sample

240709-23nf6atalg
MD5

325a6a127999d868c56e214124d226ce
SHA1

8326daf2e6dee95efc2ffd8293e2d55b8684e51a
SHA256

1307a73595fae3de07d67aba79589c946d687efe642a52f88658c605eefaeedb
SHA512

315d9409779e1388b6371bddc73d6b0fee39c3bd3dc7eb8bbf8193f194df32e850c0522f3793a76431862bc756c92c8383898d594e9c80229ee582bc1f258ef1
SSDEEP

1536:iZ/fgkAqJlV+n1EgGHo7P1YPx28Vlyon1so:i1gkZl0nt/P1YPxuonh

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.yesimcopy.com
Port:
21
Username:
yesimcopy1
Password:
825cyf

Targets

- Target
  
  325a6a127999d868c56e214124d226ce_JaffaCakes118
- Size
  
  196KB
- MD5
  
  325a6a127999d868c56e214124d226ce
- SHA1
  
  8326daf2e6dee95efc2ffd8293e2d55b8684e51a
- SHA256
  
  1307a73595fae3de07d67aba79589c946d687efe642a52f88658c605eefaeedb
- SHA512
  
  315d9409779e1388b6371bddc73d6b0fee39c3bd3dc7eb8bbf8193f194df32e850c0522f3793a76431862bc756c92c8383898d594e9c80229ee582bc1f258ef1
- SSDEEP
  
  1536:iZ/fgkAqJlV+n1EgGHo7P1YPx28Vlyon1so:i1gkZl0nt/P1YPxuonh
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2