83005a3a661280203721cd5be27261aae7973497fea01a3c93717e14a44e7688 | Triage

Sharing

General

Target

eb840ccdab283227762c1b097063f278_JaffaCakes118
Size

34KB
Sample

240919-rn77xatcnm
MD5

eb840ccdab283227762c1b097063f278
SHA1

311561e8904ee0aaabc9544d0e6f65ce68a14f97
SHA256

83005a3a661280203721cd5be27261aae7973497fea01a3c93717e14a44e7688
SHA512

ba5e74a165f2330e79514a8930894d60c94ae46fdb164791bfdf31c6f5b92721c539b66359468f6d45b8951b6002e14efc5be0908b4080d5172dfc9743eb2d16
SSDEEP

768:mzQYScGrIubHuYtvdxwYHw5FAe2Qgncwx7:gQTIubHy5wQgf

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  eb840ccdab283227762c1b097063f278_JaffaCakes118
- Size
  
  34KB
- MD5
  
  eb840ccdab283227762c1b097063f278
- SHA1
  
  311561e8904ee0aaabc9544d0e6f65ce68a14f97
- SHA256
  
  83005a3a661280203721cd5be27261aae7973497fea01a3c93717e14a44e7688
- SHA512
  
  ba5e74a165f2330e79514a8930894d60c94ae46fdb164791bfdf31c6f5b92721c539b66359468f6d45b8951b6002e14efc5be0908b4080d5172dfc9743eb2d16
- SSDEEP
  
  768:mzQYScGrIubHuYtvdxwYHw5FAe2Qgncwx7:gQTIubHy5wQgf
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2