ac4a3e618c040ac02d28fdef462bc0d1fcf78467f622ca6fb7c49f23a5124733 | Triage

Sharing

General

Target

6228000c2488d7dd89970ecd6d0b9ff8_JaffaCakes118
Size

209KB
Sample

240722-bde6dawelm
MD5

6228000c2488d7dd89970ecd6d0b9ff8
SHA1

4b027947798ae6a5cc4b777cf3917c1ba0a3c330
SHA256

ac4a3e618c040ac02d28fdef462bc0d1fcf78467f622ca6fb7c49f23a5124733
SHA512

bb057f0598db346fa86d55cdcae6b64320c4dd286f54de6d6566198b7a89b74b236ef93deb2af749538a14fd94fe9856e94be7ac850515800fcebe6a5fdd57f3
SSDEEP

1536:kwQBHvoYUWjzlZLXf4QJpUT0mSBAgapetc8o/Kdgo5QGuG3g7/:kBlvaWjzrLXQQJKgmSBAVpet2Ago5lu

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  6228000c2488d7dd89970ecd6d0b9ff8_JaffaCakes118
- Size
  
  209KB
- MD5
  
  6228000c2488d7dd89970ecd6d0b9ff8
- SHA1
  
  4b027947798ae6a5cc4b777cf3917c1ba0a3c330
- SHA256
  
  ac4a3e618c040ac02d28fdef462bc0d1fcf78467f622ca6fb7c49f23a5124733
- SHA512
  
  bb057f0598db346fa86d55cdcae6b64320c4dd286f54de6d6566198b7a89b74b236ef93deb2af749538a14fd94fe9856e94be7ac850515800fcebe6a5fdd57f3
- SSDEEP
  
  1536:kwQBHvoYUWjzlZLXf4QJpUT0mSBAgapetc8o/Kdgo5QGuG3g7/:kBlvaWjzrLXQQJKgmSBAVpet2Ago5lu
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2