General

  • Target

    c19ccc478f4713217123045d5c77df4a_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240825-z77z9awapa

  • MD5

    c19ccc478f4713217123045d5c77df4a

  • SHA1

    0e17ca9c12fc4409d63111d5a3eb3cb86564b45d

  • SHA256

    9aa7deba2bd3a60872a11d979f767740ebae48d2de85dfcc29f941d8b5c2c331

  • SHA512

    1f0eb7d028e698d4fb4734e00f6a5018bb7ea90c023a77376115211777e7158f1fe4d2cf610b7de60251d47c8a2fcc66c0089a6370ec484e693084c622700989

  • SSDEEP

    24576:ubrbXioANfIxl4BVCM615DWiqGBLEGBQTXKQOSSu51vMZfjhQ7aO6OuwuLif8ho/:Sr7iLmxIVZ6qiRBLjQTALuzvMNhD3web

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    mistiklamx.wallst.ru
  • Port:
    21
  • Username:
    u299039
  • Password:
    p6o1f29q

Targets

    • Target

      c19ccc478f4713217123045d5c77df4a_JaffaCakes118

    • Checks computer location settings

Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks