0655efa8bb11189260d62c45471dce081d0cad0151232de81c50fd9f1835d45d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7613e165182a9ec8f6c8df0bf38bf001_JaffaCakes118
Size

35KB
Sample

240726-2v3k4starh
MD5

7613e165182a9ec8f6c8df0bf38bf001
SHA1

e3c9700bff8d22cc37de241cd9a74fc6640bb452
SHA256

0655efa8bb11189260d62c45471dce081d0cad0151232de81c50fd9f1835d45d
SHA512

c10ffd4d855d1ced52390f32a29a623261affc76a14228dcfab5ff130c3d6ab875373bd01c62294fdd32110bb2f029137aab974944a9b33f378bdf64642f2215
SSDEEP

768:NqQoj/dSzNVQ1mDNJWbKEdBMQXQ3Cn4eQQ+rcwxcvd:MQoj/YNJcAQ++

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  7613e165182a9ec8f6c8df0bf38bf001_JaffaCakes118
- Size
  
  35KB
- MD5
  
  7613e165182a9ec8f6c8df0bf38bf001
- SHA1
  
  e3c9700bff8d22cc37de241cd9a74fc6640bb452
- SHA256
  
  0655efa8bb11189260d62c45471dce081d0cad0151232de81c50fd9f1835d45d
- SHA512
  
  c10ffd4d855d1ced52390f32a29a623261affc76a14228dcfab5ff130c3d6ab875373bd01c62294fdd32110bb2f029137aab974944a9b33f378bdf64642f2215
- SSDEEP
  
  768:NqQoj/dSzNVQ1mDNJWbKEdBMQXQ3Cn4eQQ+rcwxcvd:MQoj/YNJcAQ++
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2