General

  • Target

    83acfac739ccd52d813f5bbd85872713_JaffaCakes118

  • Size

    208KB

  • Sample

    240809-1pg7jsvbrh

  • MD5

    83acfac739ccd52d813f5bbd85872713

  • SHA1

    d95fb6579af1428eb3a4818a901b629ce7bd7568

  • SHA256

    182bc9891862f7c781174ad02eb7dde35d018c60cebe156df0049fd73cd4f396

  • SHA512

    eb1f86675ac871ba6013f738b9b268874418d79b31b46023ad52a02414aaff0ddf650163ba22971df42e4684f8946f04260c10d5b95acadabba59e1556a8da59

  • SSDEEP

    3072:tVHgCc4xGvbwcU9KQ2BBAHmaPxNVoOb5Ez:QCc4xGxWKQ2Bonxg

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: ftp.byethost12.com
  • Port: 21
  • Username: b12_8082975
  • Password: 951753zx

Extracted

Credentials

  • Protocol: ftp
  • Host: ftp.tripod.com
  • Port: 21
  • Username: onthelinux
  • Password: 741852abc

Targets

    • Target

      83acfac739ccd52d813f5bbd85872713_JaffaCakes118

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks