7c3881f125cc849f8dc14f0245782273e7d6953e729c43058065cffddac9a387 | Triage

Sharing

General

Target

eebeaee66abe3c5cca60f77526907728_JaffaCakes118
Size

196KB
Sample

240921-ayzj3swhkc
MD5

eebeaee66abe3c5cca60f77526907728
SHA1

c772914d3ce1babb4b8da007fe8800a87ff7b5eb
SHA256

7c3881f125cc849f8dc14f0245782273e7d6953e729c43058065cffddac9a387
SHA512

0857e83c9f1316be5e902585a7ece22a151e1592dedbabd8e8374bd09a1e588ba13deecd49b69d951d03ae2bf2131d5f68df4b89d75e5fb66e170918a9689aef
SSDEEP

1536:iXs9wrnUh4d7ygVpn0uv77P11gqu87NhofgDdBq:iXYw4+dGgLn0sP11gqTofgZE

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.alizametal.com.tr
Port:
21
Username:
alizametal.com.tr
Password:
hd611

Extracted

Credentials

Protocol: ftp
Host:
ftp.yesimcopy.com
Port:
21
Username:
yesimcopy1
Password:
825cyf

Targets

- Target
  
  eebeaee66abe3c5cca60f77526907728_JaffaCakes118
- Size
  
  196KB
- MD5
  
  eebeaee66abe3c5cca60f77526907728
- SHA1
  
  c772914d3ce1babb4b8da007fe8800a87ff7b5eb
- SHA256
  
  7c3881f125cc849f8dc14f0245782273e7d6953e729c43058065cffddac9a387
- SHA512
  
  0857e83c9f1316be5e902585a7ece22a151e1592dedbabd8e8374bd09a1e588ba13deecd49b69d951d03ae2bf2131d5f68df4b89d75e5fb66e170918a9689aef
- SSDEEP
  
  1536:iXs9wrnUh4d7ygVpn0uv77P11gqu87NhofgDdBq:iXYw4+dGgLn0sP11gqTofgZE
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2