37fe1fccca95c268a9187aad602a5150e3a4d132f70f46f0dc905393090a35f8 | Triage

Sharing

General

Target

ee895be376ea31b69b6a4ff6015a5026_JaffaCakes118
Size

208KB
Sample

240920-19nvts1enh
MD5

ee895be376ea31b69b6a4ff6015a5026
SHA1

2c47bf0d0aaad6b535a39f71e7b5b79b9fd2c691
SHA256

37fe1fccca95c268a9187aad602a5150e3a4d132f70f46f0dc905393090a35f8
SHA512

4f75b0da98a6ee173d8cf57b9f1b86917b6e0349ce7365595e129e55ae9a72d44a8416f50fd180e271820ac048a27bd7b3ca7e2196083c56f2fad8bc244e7340
SSDEEP

3072:2VHgCc4xGvbwcU9KQ2BBAHmaPxlVoGb5Eb:HCc4xGxWKQ2BonxY

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.byethost12.com
Port:
21
Username:
b12_8082975
Password:
951753zx

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  ee895be376ea31b69b6a4ff6015a5026_JaffaCakes118
- Size
  
  208KB
- MD5
  
  ee895be376ea31b69b6a4ff6015a5026
- SHA1
  
  2c47bf0d0aaad6b535a39f71e7b5b79b9fd2c691
- SHA256
  
  37fe1fccca95c268a9187aad602a5150e3a4d132f70f46f0dc905393090a35f8
- SHA512
  
  4f75b0da98a6ee173d8cf57b9f1b86917b6e0349ce7365595e129e55ae9a72d44a8416f50fd180e271820ac048a27bd7b3ca7e2196083c56f2fad8bc244e7340
- SSDEEP
  
  3072:2VHgCc4xGvbwcU9KQ2BBAHmaPxlVoGb5Eb:HCc4xGxWKQ2BonxY
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2