General

  • Target

    ef12087a2f93d209f9b95fde892e21c0_JaffaCakes118

  • Size

    208KB

  • Sample

    240921-e43wxavfka

  • MD5

    ef12087a2f93d209f9b95fde892e21c0

  • SHA1

    6197ae393255b62233af02734630903b78f1fed9

  • SHA256

    27d3b000eb4a608f5e4a71a1e81cb53fc33c4138e51a1ba2f59a9f9a5aa8eef8

  • SHA512

    39afce11d8431ffde1b9daf49377a04bb9f3cd6ad7e87ea3ce56975cb07a926575d7258054cdc6c0c90669793cd884eb46e4368521e883f87483f22adf6686be

  • SSDEEP

    3072:lVHgCc4xGvbwcU9KQ2BBAHmaPxlVoHb5EM:4Cc4xGxWKQ2Bonxo

  • Score

    10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.byethost12.com
  • Port:
    21
  • Username:
    b12_8082975
  • Password:
    951753zx

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15