3484f0c6ad53d3b3f6584dc2bcfd374e8d0e3ff16b8d31bdd28faeb6b01cc8e0 | Triage

Sharing

General

Target

edbb00a88383647cbc9f671f60a5614d_JaffaCakes118
Size

208KB
Sample

240920-q66alazerm
MD5

edbb00a88383647cbc9f671f60a5614d
SHA1

af25d739d6d841801246dc01026c460081f28963
SHA256

3484f0c6ad53d3b3f6584dc2bcfd374e8d0e3ff16b8d31bdd28faeb6b01cc8e0
SHA512

f6d3050f7f6e79d6e02e08c2c897f4210a45e2df793a19feb92e917aa25048a1b4296bec86a4cd1073e61fa336dd3d857b9d6a3abec8c59df6e42c695709f513
SSDEEP

3072:YVHgCc4xGvbwcU9KQ2BBAHmaPxxVolb5EE:FCc4xGxWKQ2Bonxq

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  edbb00a88383647cbc9f671f60a5614d_JaffaCakes118
- Size
  
  208KB
- MD5
  
  edbb00a88383647cbc9f671f60a5614d
- SHA1
  
  af25d739d6d841801246dc01026c460081f28963
- SHA256
  
  3484f0c6ad53d3b3f6584dc2bcfd374e8d0e3ff16b8d31bdd28faeb6b01cc8e0
- SHA512
  
  f6d3050f7f6e79d6e02e08c2c897f4210a45e2df793a19feb92e917aa25048a1b4296bec86a4cd1073e61fa336dd3d857b9d6a3abec8c59df6e42c695709f513
- SSDEEP
  
  3072:YVHgCc4xGvbwcU9KQ2BBAHmaPxxVolb5EE:FCc4xGxWKQ2Bonxq
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2