General
Target: 693b8d154125c6847bb23914eae6ba6b_JaffaCakes118
Size: 204KB
Sample: 240723-2kscdswclf
MD5: 693b8d154125c6847bb23914eae6ba6b
SHA1: d4d521974ab382452b4893e08b8b97091dfe532a
SHA256: 3effdcc45ed62fc83729c74b06f7968293e62d8153e122f3c551fc3cfb55fc6d
SHA512: 11caec3754e5c8f1f4a22894e29585f1c1404c942465fc91c9873bb0a2e60b0d7c2aa825521b6a8ff863227e4022fe0820ddeebfedb8aed9d011a699613403ab
SSDEEP: 1536:NfAiHwgicnislGltILYLU9KD02BBAdKJaPoYkwA7dIolQ:NfQgicdlGvILcU9KQ2BBAkJaPxsIolQ
Static task: static1
Behavioral task: behavioral1
Sample: 693b8d154125c6847bb23914eae6ba6b_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 693b8d154125c6847bb23914eae6ba6b_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: onthelinux
Password: 741852abc
Extracted
Protocol: ftp
Host: ftp.byethost12.com
Port: 21
Username: b12_8082975
Password: 951753zx
Targets
Target: 693b8d154125c6847bb23914eae6ba6b_JaffaCakes118
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL