3fcac6cd414a310715d8145f836227ff46d4a346580e9e3de886bb544b59eeb1 | Triage

Submit
Reports

Overview

overview

Static

static

7

5cdabc5042...18.exe

windows7-x64

5cdabc5042...18.exe

windows10-2004-x64

Sharing

General

Target

5cdabc50425ca0b1a660eb36a45e63e3_JaffaCakes118
Size

23KB
Sample

240719-vlb88svclh
MD5

5cdabc50425ca0b1a660eb36a45e63e3
SHA1

0e2666649ca9f83e4e858f45713de3df739e8aa3
SHA256

3fcac6cd414a310715d8145f836227ff46d4a346580e9e3de886bb544b59eeb1
SHA512

fb93ed5c681c681654f1260b7fbb009663780943ee1e7203db9aeb14a946fc0a2332858aaeaf184db4ea5b96ac11ac01f2c1780ae17d9a73febf676115f4f765
SSDEEP

384:vYvnFViqltk2mZAQ3+fiN93fihFE2mUUDIivVCjBhRtrBNSm1BwYb9Dg3Tl29:v5rlOiN8/E2lUDIiEjBhRtt0m1BZpgDc

Score

10^/10

persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5cdabc50425ca0b1a660eb36a45e63e3_JaffaCakes118.exe

Resource

win7-20240704-en

persistence upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

5cdabc50425ca0b1a660eb36a45e63e3_JaffaCakes118.exe

Resource

win10v2004-20240709-en

persistence upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.websind.com
Port:
21
Username:
websind.com
Password:
102030

Targets

- Target
  
  5cdabc50425ca0b1a660eb36a45e63e3_JaffaCakes118
- Size
  
  23KB
- MD5
  
  5cdabc50425ca0b1a660eb36a45e63e3
- SHA1
  
  0e2666649ca9f83e4e858f45713de3df739e8aa3
- SHA256
  
  3fcac6cd414a310715d8145f836227ff46d4a346580e9e3de886bb544b59eeb1
- SHA512
  
  fb93ed5c681c681654f1260b7fbb009663780943ee1e7203db9aeb14a946fc0a2332858aaeaf184db4ea5b96ac11ac01f2c1780ae17d9a73febf676115f4f765
- SSDEEP
  
  384:vYvnFViqltk2mZAQ3+fiN93fihFE2mUUDIivVCjBhRtrBNSm1BwYb9Dg3Tl29:v5rlOiN8/E2lUDIiEjBhRtt0m1BZpgDc
Score

10^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy