2e1fe939698330fb970350f684fcd174c48dca04cb1d21b4343b398c4b467db2 | Triage

Sharing

General

Target

eea9bc7b1662d104f9f5840b1db21f33_JaffaCakes118
Size

35KB
Sample

240920-3p743sveqq
MD5

eea9bc7b1662d104f9f5840b1db21f33
SHA1

9b0858ec724ae498ad4290ee23930ea1686efc0a
SHA256

2e1fe939698330fb970350f684fcd174c48dca04cb1d21b4343b398c4b467db2
SHA512

23064422c015d4f1c148c4c5c70920170005defd60e58b018ca71005b30c0ca2b485e046e1e923ecbb6445980454554f5d80652f8ad9edfaa0595608c3381289
SSDEEP

768:zqqYMYa/TMfwvmjdZBMZXQ3Qin4e/QehcwxR:+qYMz2wvdivQen

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  eea9bc7b1662d104f9f5840b1db21f33_JaffaCakes118
- Size
  
  35KB
- MD5
  
  eea9bc7b1662d104f9f5840b1db21f33
- SHA1
  
  9b0858ec724ae498ad4290ee23930ea1686efc0a
- SHA256
  
  2e1fe939698330fb970350f684fcd174c48dca04cb1d21b4343b398c4b467db2
- SHA512
  
  23064422c015d4f1c148c4c5c70920170005defd60e58b018ca71005b30c0ca2b485e046e1e923ecbb6445980454554f5d80652f8ad9edfaa0595608c3381289
- SSDEEP
  
  768:zqqYMYa/TMfwvmjdZBMZXQ3Qin4e/QehcwxR:+qYMz2wvdivQen
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2