87a1b1b4a0e3878b589c782d7196a813b4045f7c781dd9add001f9e8ee7a033f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96483ef1871bbfa057002ea29e172ad3_JaffaCakes118
Size

35KB
Sample

240814-qpplhszajl
MD5

96483ef1871bbfa057002ea29e172ad3
SHA1

82bbbd9aa10a74c159ac5fc46ece5521221b7ff9
SHA256

87a1b1b4a0e3878b589c782d7196a813b4045f7c781dd9add001f9e8ee7a033f
SHA512

33b8aac885257bcf42a407508363dec4862fd8495a25327d8389a6a3cd8801f177b4e4b7fae2e54d1215a918534a11f42e594b2e5eba8c2cbdb83e29a57199c5
SSDEEP

768:zqqYMYa/TMfwvmjdZBMZXQ3Qin4e/Q9hcwxi:+qYMz2wvdivQ9s

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  96483ef1871bbfa057002ea29e172ad3_JaffaCakes118
- Size
  
  35KB
- MD5
  
  96483ef1871bbfa057002ea29e172ad3
- SHA1
  
  82bbbd9aa10a74c159ac5fc46ece5521221b7ff9
- SHA256
  
  87a1b1b4a0e3878b589c782d7196a813b4045f7c781dd9add001f9e8ee7a033f
- SHA512
  
  33b8aac885257bcf42a407508363dec4862fd8495a25327d8389a6a3cd8801f177b4e4b7fae2e54d1215a918534a11f42e594b2e5eba8c2cbdb83e29a57199c5
- SSDEEP
  
  768:zqqYMYa/TMfwvmjdZBMZXQ3Qin4e/Q9hcwxi:+qYMz2wvdivQ9s
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2