8106749b0c6e58b66bc291fb01fdfca0e4da0e2e9c0cc27968b58fad04954a8a | Triage

Sharing

General

Target

66ec18b3057f48556df904b9ce17fba8_JaffaCakes118
Size

118KB
Sample

240723-kxf2fsxfkd
MD5

66ec18b3057f48556df904b9ce17fba8
SHA1

b333af179280043650e203c57272472480f7e8ec
SHA256

8106749b0c6e58b66bc291fb01fdfca0e4da0e2e9c0cc27968b58fad04954a8a
SHA512

c214ac1e1ec4001ffb807d982ab8237f2b0515e31eab345e6e6cb8de0816670ec90065f79d9d31db994eb27baecbfc5c07a6f4019dc191aa27459ec006816b27
SSDEEP

768:szQYScGrIubHuYtvdxwYHw5FAe2QOncwx8:OQTIubHy5wQOg

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  66ec18b3057f48556df904b9ce17fba8_JaffaCakes118
- Size
  
  118KB
- MD5
  
  66ec18b3057f48556df904b9ce17fba8
- SHA1
  
  b333af179280043650e203c57272472480f7e8ec
- SHA256
  
  8106749b0c6e58b66bc291fb01fdfca0e4da0e2e9c0cc27968b58fad04954a8a
- SHA512
  
  c214ac1e1ec4001ffb807d982ab8237f2b0515e31eab345e6e6cb8de0816670ec90065f79d9d31db994eb27baecbfc5c07a6f4019dc191aa27459ec006816b27
- SSDEEP
  
  768:szQYScGrIubHuYtvdxwYHw5FAe2QOncwx8:OQTIubHy5wQOg
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2