General

  • Target

    693b8d154125c6847bb23914eae6ba6b_JaffaCakes118

  • Size

    204KB

  • Sample

    240723-2kscdswclf

  • MD5

    693b8d154125c6847bb23914eae6ba6b

  • SHA1

    d4d521974ab382452b4893e08b8b97091dfe532a

  • SHA256

    3effdcc45ed62fc83729c74b06f7968293e62d8153e122f3c551fc3cfb55fc6d

  • SHA512

    11caec3754e5c8f1f4a22894e29585f1c1404c942465fc91c9873bb0a2e60b0d7c2aa825521b6a8ff863227e4022fe0820ddeebfedb8aed9d011a699613403ab

  • SSDEEP

    1536:NfAiHwgicnislGltILYLU9KD02BBAdKJaPoYkwA7dIolQ:NfQgicdlGvILcU9KQ2BBAkJaPxsIolQ

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.byethost12.com
  • Port:
    21
  • Username:
    b12_8082975
  • Password:
    951753zx

Targets

    • Target

      693b8d154125c6847bb23914eae6ba6b_JaffaCakes118

    • Size

      204KB

    • MD5

      693b8d154125c6847bb23914eae6ba6b

    • SHA1

      d4d521974ab382452b4893e08b8b97091dfe532a

    • SHA256

      3effdcc45ed62fc83729c74b06f7968293e62d8153e122f3c551fc3cfb55fc6d

    • SHA512

      11caec3754e5c8f1f4a22894e29585f1c1404c942465fc91c9873bb0a2e60b0d7c2aa825521b6a8ff863227e4022fe0820ddeebfedb8aed9d011a699613403ab

    • SSDEEP

      1536:NfAiHwgicnislGltILYLU9KD02BBAdKJaPoYkwA7dIolQ:NfQgicdlGvILcU9KQ2BBAkJaPxsIolQ

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks