a49f11e354c0edc509faea7b99a116a1ad402c72faa17a9354f7daaea6e03adb | Triage

Sharing

General

Target

086cdcecfba4044398f361ff7fae0321_JaffaCakes118
Size

98KB
Sample

241002-ctwzhawdnh
MD5

086cdcecfba4044398f361ff7fae0321
SHA1

adfc5437b1e240f6ae8a6e3b1b495e095d857207
SHA256

a49f11e354c0edc509faea7b99a116a1ad402c72faa17a9354f7daaea6e03adb
SHA512

fad5fce88ff8e7285998ad0fdd87048b5723ea338e84214e0fcd0a20ab8f065ca916c36badef17df69c8c388de19a994075d00d12ab6523144846f4cfd14c232
SSDEEP

1536:fCJVWpuVbSn1BlTiQDaKts99iMfg3UzQkOv:fCJXOn7speUzQv

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  086cdcecfba4044398f361ff7fae0321_JaffaCakes118
- Size
  
  98KB
- MD5
  
  086cdcecfba4044398f361ff7fae0321
- SHA1
  
  adfc5437b1e240f6ae8a6e3b1b495e095d857207
- SHA256
  
  a49f11e354c0edc509faea7b99a116a1ad402c72faa17a9354f7daaea6e03adb
- SHA512
  
  fad5fce88ff8e7285998ad0fdd87048b5723ea338e84214e0fcd0a20ab8f065ca916c36badef17df69c8c388de19a994075d00d12ab6523144846f4cfd14c232
- SSDEEP
  
  1536:fCJVWpuVbSn1BlTiQDaKts99iMfg3UzQkOv:fCJXOn7speUzQv
Score

10^/10

discovery
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2