16e39597e6c12031c4dd92c94dbfd8ee915c815159882f6a849eb3ef96a13d22 | Triage

Sharing

General

Target

60084e015cce578bcf6175d3af73bce1_JaffaCakes118
Size

34KB
Sample

240720-l3bvcsxbrq
MD5

60084e015cce578bcf6175d3af73bce1
SHA1

d9619d52bc824fdba539fb54fa8e9e68df0b4cdc
SHA256

16e39597e6c12031c4dd92c94dbfd8ee915c815159882f6a849eb3ef96a13d22
SHA512

a7db800cb550237ab57e281d784b3006decff8225de239a9287e838f7e2ef74673ae478c6274f679ec31bf4f98c66396e5b08323799b4e929d5735ac4ff6b9f0
SSDEEP

768:cflivXrVKpVhKvtxwYHwVFoeAQumucwUQj:ylqrVKprVuQuxj

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  60084e015cce578bcf6175d3af73bce1_JaffaCakes118
- Size
  
  34KB
- MD5
  
  60084e015cce578bcf6175d3af73bce1
- SHA1
  
  d9619d52bc824fdba539fb54fa8e9e68df0b4cdc
- SHA256
  
  16e39597e6c12031c4dd92c94dbfd8ee915c815159882f6a849eb3ef96a13d22
- SHA512
  
  a7db800cb550237ab57e281d784b3006decff8225de239a9287e838f7e2ef74673ae478c6274f679ec31bf4f98c66396e5b08323799b4e929d5735ac4ff6b9f0
- SSDEEP
  
  768:cflivXrVKpVhKvtxwYHwVFoeAQumucwUQj:ylqrVKprVuQuxj
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2