9f5a3f423d4d791000b01a625198519c6bebb33e842eb1be0e6f3c46fa59e454 | Triage

Sharing

General

Target

741c4a946960cc072619ad57386f86d7_JaffaCakes118
Size

208KB
Sample

240726-py7ysasblh
MD5

741c4a946960cc072619ad57386f86d7
SHA1

edf31d72b79f9ce512e768c83cb3fd15f8933326
SHA256

9f5a3f423d4d791000b01a625198519c6bebb33e842eb1be0e6f3c46fa59e454
SHA512

b11213c2a16aa02974399b9b89dc806076e5c1fcd0b9c0e03429592f30f714854ced02f3be21a46d301af6441c43918a49bfdaa56114013a12825e1d3c36e908
SSDEEP

1536:/NSXbc74YTOnlNSUL09atT0mBBA7aKSvIYFwAfdvoWQO57:/Eo75OnPSI09qgmBBAGKSvwovoW9B

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  741c4a946960cc072619ad57386f86d7_JaffaCakes118
- Size
  
  208KB
- MD5
  
  741c4a946960cc072619ad57386f86d7
- SHA1
  
  edf31d72b79f9ce512e768c83cb3fd15f8933326
- SHA256
  
  9f5a3f423d4d791000b01a625198519c6bebb33e842eb1be0e6f3c46fa59e454
- SHA512
  
  b11213c2a16aa02974399b9b89dc806076e5c1fcd0b9c0e03429592f30f714854ced02f3be21a46d301af6441c43918a49bfdaa56114013a12825e1d3c36e908
- SSDEEP
  
  1536:/NSXbc74YTOnlNSUL09atT0mBBA7aKSvIYFwAfdvoWQO57:/Eo75OnPSI09qgmBBAGKSvwovoW9B
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2