a887bc7c3902cec6e578391495853aa1530817a996b85f87e7167b4aaa94d502 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dba214ea5c0d04a612b72546f0cc95bc_JaffaCakes118
Size

34KB
Sample

240912-cmfzpswclb
MD5

dba214ea5c0d04a612b72546f0cc95bc
SHA1

f69d41150684c80c9352a8a5e049dcd41503c160
SHA256

a887bc7c3902cec6e578391495853aa1530817a996b85f87e7167b4aaa94d502
SHA512

3eee4bab4b28ba5225e8db3a478e81cf53da4abc59ba64789748d1bb8d5534062bb20f207d90452ef5beaab5c4ba88b9ad1c7ca5dc3a724c745bb5955d6c7851
SSDEEP

768:cflivXrVKpVhKvtxwYHwVFoeAQumucwUk:ylqrVKprVuQuX

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  dba214ea5c0d04a612b72546f0cc95bc_JaffaCakes118
- Size
  
  34KB
- MD5
  
  dba214ea5c0d04a612b72546f0cc95bc
- SHA1
  
  f69d41150684c80c9352a8a5e049dcd41503c160
- SHA256
  
  a887bc7c3902cec6e578391495853aa1530817a996b85f87e7167b4aaa94d502
- SHA512
  
  3eee4bab4b28ba5225e8db3a478e81cf53da4abc59ba64789748d1bb8d5534062bb20f207d90452ef5beaab5c4ba88b9ad1c7ca5dc3a724c745bb5955d6c7851
- SSDEEP
  
  768:cflivXrVKpVhKvtxwYHwVFoeAQumucwUk:ylqrVKprVuQuX
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2