7a7079918e63c64384f41c020ea8ec5ab1443dacf796c346a5cc388ac06936be | Triage

Sharing

General

Target

ea9e73deb9414a65e5e102a5e1b21e43_JaffaCakes118
Size

35KB
Sample

240919-fgtkdssbjl
MD5

ea9e73deb9414a65e5e102a5e1b21e43
SHA1

3ac917bfbef844668bc460df54e7a54789f0bbe6
SHA256

7a7079918e63c64384f41c020ea8ec5ab1443dacf796c346a5cc388ac06936be
SHA512

3965a50c86adc2c98adc003761079bbb299757cb3e160931bfddfdb00d1ee48e4b4f5511686ce5bf22568ed9209118e7900c14384d1e56779fd31882aefcb693
SSDEEP

768:NqQoj/dSzNVQ1mDNJWbKEdBMQXQ3Cn4eQQZrcwxBb/p:MQoj/YNJcAQZNx

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  ea9e73deb9414a65e5e102a5e1b21e43_JaffaCakes118
- Size
  
  35KB
- MD5
  
  ea9e73deb9414a65e5e102a5e1b21e43
- SHA1
  
  3ac917bfbef844668bc460df54e7a54789f0bbe6
- SHA256
  
  7a7079918e63c64384f41c020ea8ec5ab1443dacf796c346a5cc388ac06936be
- SHA512
  
  3965a50c86adc2c98adc003761079bbb299757cb3e160931bfddfdb00d1ee48e4b4f5511686ce5bf22568ed9209118e7900c14384d1e56779fd31882aefcb693
- SSDEEP
  
  768:NqQoj/dSzNVQ1mDNJWbKEdBMQXQ3Cn4eQQZrcwxBb/p:MQoj/YNJcAQZNx
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2