6add1e088010928cf5e0b3fe40aa6149122f067e4dd5465a3a2696aa625f4613 | Triage

Sharing

General

Target

c1bcc8ded9b3d87ec0b1b3bddcf17125_JaffaCakes118
Size

34KB
Sample

240825-2lpyna1cpn
MD5

c1bcc8ded9b3d87ec0b1b3bddcf17125
SHA1

904897b65358eb6b5b71a2e62245784ebdcee8a4
SHA256

6add1e088010928cf5e0b3fe40aa6149122f067e4dd5465a3a2696aa625f4613
SHA512

8202a850655a7654d7356c13fa31544a8caa08485ef01235d774dd1c29aad46ccf19f858ad78f4d66eac3d3f75d81a0ccb5b03553298a07abdb5aac28c49867b
SSDEEP

768:YflivXrVKpVhKvtxwYHwVFoeAQsmucwUcdz:ulqrVKprVuQsx

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  c1bcc8ded9b3d87ec0b1b3bddcf17125_JaffaCakes118
- Size
  
  34KB
- MD5
  
  c1bcc8ded9b3d87ec0b1b3bddcf17125
- SHA1
  
  904897b65358eb6b5b71a2e62245784ebdcee8a4
- SHA256
  
  6add1e088010928cf5e0b3fe40aa6149122f067e4dd5465a3a2696aa625f4613
- SHA512
  
  8202a850655a7654d7356c13fa31544a8caa08485ef01235d774dd1c29aad46ccf19f858ad78f4d66eac3d3f75d81a0ccb5b03553298a07abdb5aac28c49867b
- SSDEEP
  
  768:YflivXrVKpVhKvtxwYHwVFoeAQsmucwUcdz:ulqrVKprVuQsx
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2