07465700a33ccb37bd49b32f4d51c72ca5a3925dc427ad63b8734f8bc8e00eff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4a143c8049cb9c7a9300d874a40d724_JaffaCakes118
Size

34KB
Sample

240908-sga49ssejq
MD5

d4a143c8049cb9c7a9300d874a40d724
SHA1

9b7b6d162c97cd97fea9e85495d54d9c80226f84
SHA256

07465700a33ccb37bd49b32f4d51c72ca5a3925dc427ad63b8734f8bc8e00eff
SHA512

8c3cd355684cf6f31be642464a107c40cd46c1c79db3056cc206f233db76e947d36777a5bb190a4a733074f56c9fcf475fc0877343ad97d35f2ad1c94a1d2221
SSDEEP

768:mzQYScGrIubHuYtvdxwYHw5FAe2Q7ncwxmh:gQTIubHy5wQ7Ch

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  d4a143c8049cb9c7a9300d874a40d724_JaffaCakes118
- Size
  
  34KB
- MD5
  
  d4a143c8049cb9c7a9300d874a40d724
- SHA1
  
  9b7b6d162c97cd97fea9e85495d54d9c80226f84
- SHA256
  
  07465700a33ccb37bd49b32f4d51c72ca5a3925dc427ad63b8734f8bc8e00eff
- SHA512
  
  8c3cd355684cf6f31be642464a107c40cd46c1c79db3056cc206f233db76e947d36777a5bb190a4a733074f56c9fcf475fc0877343ad97d35f2ad1c94a1d2221
- SSDEEP
  
  768:mzQYScGrIubHuYtvdxwYHw5FAe2Q7ncwxmh:gQTIubHy5wQ7Ch
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2