78db3552086f7e7a721adf7520045a4d58eaaa93bfca70763fbf50e568679511 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

955f51f80c9b282395f57ec5fcd5a5dd_JaffaCakes118
Size

34KB
Sample

240814-kmtvkasgle
MD5

955f51f80c9b282395f57ec5fcd5a5dd
SHA1

cfc665346a551b768221841e74d60c8d5105ebfe
SHA256

78db3552086f7e7a721adf7520045a4d58eaaa93bfca70763fbf50e568679511
SHA512

06f25c13b24c4243e2aa5043479d71c5eba5a5ef7decd932eefc27f41ca3ca02afefb19a0a35063a26ef7203f94460e60f9df6e371f6cf7d804f8783676cecf5
SSDEEP

768:mzQYScGrIubHuYtvdxwYHw5FAe2Q6ncwxH8:gQTIubHy5wQ6A

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  955f51f80c9b282395f57ec5fcd5a5dd_JaffaCakes118
- Size
  
  34KB
- MD5
  
  955f51f80c9b282395f57ec5fcd5a5dd
- SHA1
  
  cfc665346a551b768221841e74d60c8d5105ebfe
- SHA256
  
  78db3552086f7e7a721adf7520045a4d58eaaa93bfca70763fbf50e568679511
- SHA512
  
  06f25c13b24c4243e2aa5043479d71c5eba5a5ef7decd932eefc27f41ca3ca02afefb19a0a35063a26ef7203f94460e60f9df6e371f6cf7d804f8783676cecf5
- SSDEEP
  
  768:mzQYScGrIubHuYtvdxwYHw5FAe2Q6ncwxH8:gQTIubHy5wQ6A
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2