0e85b736a6eb8cf2b2ac8e133bc3bd448bb7455609e1954d19fa190cf2c999d6 | Triage

Sharing

General

Target

fb549ec6c2238340abf7d9fbeefba1cd_JaffaCakes118
Size

37KB
Sample

240928-czzbtasdkr
MD5

fb549ec6c2238340abf7d9fbeefba1cd
SHA1

13aaad5fe1173517c840c7c8b4c2ce77f8934bc8
SHA256

0e85b736a6eb8cf2b2ac8e133bc3bd448bb7455609e1954d19fa190cf2c999d6
SHA512

49e666dd6671a5bb26a982c52edb0b13d1102d08c25c026d686540597a30c3710db070b0f65640885caca41b52fa4f41539324662d38d89f6d98421d9cbfbefe
SSDEEP

768:/h5KjmmtmXb86hhJdIsRh2g3D4OKdPGI7sOfp5yFnQiFJzuO6rwJ:+jmmtmXbxHJdI3OKdvzfp5yFnQiFt6rc

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
bridgeport

Targets

- Target
  
  fb549ec6c2238340abf7d9fbeefba1cd_JaffaCakes118
- Size
  
  37KB
- MD5
  
  fb549ec6c2238340abf7d9fbeefba1cd
- SHA1
  
  13aaad5fe1173517c840c7c8b4c2ce77f8934bc8
- SHA256
  
  0e85b736a6eb8cf2b2ac8e133bc3bd448bb7455609e1954d19fa190cf2c999d6
- SHA512
  
  49e666dd6671a5bb26a982c52edb0b13d1102d08c25c026d686540597a30c3710db070b0f65640885caca41b52fa4f41539324662d38d89f6d98421d9cbfbefe
- SSDEEP
  
  768:/h5KjmmtmXb86hhJdIsRh2g3D4OKdPGI7sOfp5yFnQiFJzuO6rwJ:+jmmtmXbxHJdI3OKdvzfp5yFnQiFt6rc
Score

10^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2