f178e5b08770bf248b76aecba7fea121e0c7a800147c6cfc4c7693de0613f443 | Triage

Sharing

General

Target

3340a14898285080ea384836061cdd35_JaffaCakes118
Size

191KB
Sample

240710-escwcawclm
MD5

3340a14898285080ea384836061cdd35
SHA1

e9f42dcbf8cb1fe532fe510df2f0f7f700ca99cc
SHA256

f178e5b08770bf248b76aecba7fea121e0c7a800147c6cfc4c7693de0613f443
SHA512

d8f680e54c79d3c08250f282ae6c7346311ab596ff033c13fd6555cb7ce7ae51efcf087cc56b919f6b5b887adeb6326a8024d7e36a1e44021d12992a4cbb0eb7
SSDEEP

768://5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLm:/RsvcdcQjosnvnZ6LQ1Em

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  3340a14898285080ea384836061cdd35_JaffaCakes118
- Size
  
  191KB
- MD5
  
  3340a14898285080ea384836061cdd35
- SHA1
  
  e9f42dcbf8cb1fe532fe510df2f0f7f700ca99cc
- SHA256
  
  f178e5b08770bf248b76aecba7fea121e0c7a800147c6cfc4c7693de0613f443
- SHA512
  
  d8f680e54c79d3c08250f282ae6c7346311ab596ff033c13fd6555cb7ce7ae51efcf087cc56b919f6b5b887adeb6326a8024d7e36a1e44021d12992a4cbb0eb7
- SSDEEP
  
  768://5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLm:/RsvcdcQjosnvnZ6LQ1Em
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2