f7c12026d8189fa370f5b72fb8c4d3d9f5006ddf96c010ad007a6bef6dfb9b6e | Triage

Sharing

General

Target

edb6eadfc3be0120b6f8381af3feea9a_JaffaCakes118
Size

26KB
Sample

240920-q1lzrsyhnc
MD5

edb6eadfc3be0120b6f8381af3feea9a
SHA1

3ea7e145a5170df10c468766ad97db43253c8321
SHA256

f7c12026d8189fa370f5b72fb8c4d3d9f5006ddf96c010ad007a6bef6dfb9b6e
SHA512

c8676b262aaae9101678d2ddba233c881912fd59edf750551612b5c05bef719eb7092c1d2555686fb8a9e61a8bf375328b44fe8bd7c38d0f52a6c55c0ff2f947
SSDEEP

384:gor3tHs7D3Yj56FwWITfHxzrASn8nx1NxkBiQYEagyZjnDz5XP1puhWmwjROyHwQ:g83tHsehh7RzrV87siQvGjD1NomrmsU

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
crossmadelol.vov.ru
Port:
21
Username:
u337590
Password:
wi4f2vo0

Targets

- Target
  
  edb6eadfc3be0120b6f8381af3feea9a_JaffaCakes118
- Size
  
  26KB
- MD5
  
  edb6eadfc3be0120b6f8381af3feea9a
- SHA1
  
  3ea7e145a5170df10c468766ad97db43253c8321
- SHA256
  
  f7c12026d8189fa370f5b72fb8c4d3d9f5006ddf96c010ad007a6bef6dfb9b6e
- SHA512
  
  c8676b262aaae9101678d2ddba233c881912fd59edf750551612b5c05bef719eb7092c1d2555686fb8a9e61a8bf375328b44fe8bd7c38d0f52a6c55c0ff2f947
- SSDEEP
  
  384:gor3tHs7D3Yj56FwWITfHxzrASn8nx1NxkBiQYEagyZjnDz5XP1puhWmwjROyHwQ:g83tHsehh7RzrV87siQvGjD1NomrmsU
Score

10^/10

discovery
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2