General

  • Target: ed07991eede56ecaf274d7c7f73f28e8_JaffaCakes118
  • Size: 653KB
  • Sample: 240920-hd4bjatdql
  • MD5: ed07991eede56ecaf274d7c7f73f28e8
  • SHA1: 707ab348685e0ccd9298ffc5af93c1dde239a2d6
  • SHA256: 62a400947ec8e6f7106bdf733097624a0c5ec27c081fd57b0898deb506e23f69
  • SHA512: 98ef27b553e9825a75f7f7a86a99ec9a15d909ed493b96d2b628e40fe82f8f87bf482f75722263213f98e71f271d5ddc96895d4ab4920d621cfea30c36771181
  • SSDEEP: 3072:o/Ahwjk9HgMWBrzBAbBGOY80ZccdpzY/xVSiHfHXe:nABr9AbwOUZ/7yHfHX

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: chekenat.pips.ru
  • Port: 21
  • Username: u320309
  • Password: 8bkcduxf

Targets

    • Target: ed07991eede56ecaf274d7c7f73f28e8_JaffaCakes118
    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
