daf3f1d5a15b1fcb90c1fd2905b89ace810a6c8f0eca92bfbf55116dab35231a | Triage

Sharing

General

Target

dc93c811bc4f4d7ee5d3a394ae2a16f8_JaffaCakes118
Size

35KB
Sample

240912-tktw8ashng
MD5

dc93c811bc4f4d7ee5d3a394ae2a16f8
SHA1

840a122fc065c4d7075aa6ab60fd885041ad8d6f
SHA256

daf3f1d5a15b1fcb90c1fd2905b89ace810a6c8f0eca92bfbf55116dab35231a
SHA512

74469ad6751143f21fb6c84f02e4e1e3bafffda691781a64616eb0ac87c27d336ec0d9df137357554d9315f2dfa9cdd58dfca45a4e990af7e4d030495855e0be
SSDEEP

768:cflivXrVKpVhKvtxwYHwVFoeAQTmucwUwnI:ylqrVKprVuQTpI

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  dc93c811bc4f4d7ee5d3a394ae2a16f8_JaffaCakes118
- Size
  
  35KB
- MD5
  
  dc93c811bc4f4d7ee5d3a394ae2a16f8
- SHA1
  
  840a122fc065c4d7075aa6ab60fd885041ad8d6f
- SHA256
  
  daf3f1d5a15b1fcb90c1fd2905b89ace810a6c8f0eca92bfbf55116dab35231a
- SHA512
  
  74469ad6751143f21fb6c84f02e4e1e3bafffda691781a64616eb0ac87c27d336ec0d9df137357554d9315f2dfa9cdd58dfca45a4e990af7e4d030495855e0be
- SSDEEP
  
  768:cflivXrVKpVhKvtxwYHwVFoeAQTmucwUwnI:ylqrVKprVuQTpI
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2