33560a859cbb87bdd742fdcbaa62ea5346f5007c0106bb84c78fcd607a98acf3 | Triage

Sharing

General

Target

bd6d4dca49d379eb0c5f61d105fe7210_JaffaCakes118
Size

507KB
Sample

240823-2gzbjashlq
MD5

bd6d4dca49d379eb0c5f61d105fe7210
SHA1

cbc4453360bbbfd61e4e19cd201d20f4ea0f70fb
SHA256

33560a859cbb87bdd742fdcbaa62ea5346f5007c0106bb84c78fcd607a98acf3
SHA512

bd7da59147fbf98949f4a13949b49872387c06bce04e9dcfcf52f1b5483c8fa16e65cb038f930718a1a66f517fb1214bed9cd90fa5190824650e6d945fcc7aa3
SSDEEP

768:5+u501UWr+Mcpb8gYXuqAJ1Y+u4dB4puHChRT+WPq0nyiU3ktgXQ1TTGfL9:5+u503xQqvH4r+3JirQ1E9

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  bd6d4dca49d379eb0c5f61d105fe7210_JaffaCakes118
- Size
  
  507KB
- MD5
  
  bd6d4dca49d379eb0c5f61d105fe7210
- SHA1
  
  cbc4453360bbbfd61e4e19cd201d20f4ea0f70fb
- SHA256
  
  33560a859cbb87bdd742fdcbaa62ea5346f5007c0106bb84c78fcd607a98acf3
- SHA512
  
  bd7da59147fbf98949f4a13949b49872387c06bce04e9dcfcf52f1b5483c8fa16e65cb038f930718a1a66f517fb1214bed9cd90fa5190824650e6d945fcc7aa3
- SSDEEP
  
  768:5+u501UWr+Mcpb8gYXuqAJ1Y+u4dB4puHChRT+WPq0nyiU3ktgXQ1TTGfL9:5+u503xQqvH4r+3JirQ1E9
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2