ad0b17e7d9c8f6d00ed02e3ce2825cdf3841482ac02f8a9d1b531e5f4f2a69b6 | Triage

Sharing

General

Target

0b15d98a371adb04e50e4c8f3b260808_JaffaCakes118
Size

34KB
Sample

241002-rmnf4s1akn
MD5

0b15d98a371adb04e50e4c8f3b260808
SHA1

04125f8c16b7b4907c92a5986df6604525ac1d5c
SHA256

ad0b17e7d9c8f6d00ed02e3ce2825cdf3841482ac02f8a9d1b531e5f4f2a69b6
SHA512

72c9d3abb89a8e6de1ac6ec5b45e69d0f78cd42fcc2c7174f64ca426df073dd739f4d2efdaaf8f7ef2d3170194f0003eee16f42b8b4a0c436a16b51ed4fca643
SSDEEP

768:mzQYScGrIubHuYtvdxwYHw5FAe2QJncwxQ:gQTIubHy5wQJc

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  0b15d98a371adb04e50e4c8f3b260808_JaffaCakes118
- Size
  
  34KB
- MD5
  
  0b15d98a371adb04e50e4c8f3b260808
- SHA1
  
  04125f8c16b7b4907c92a5986df6604525ac1d5c
- SHA256
  
  ad0b17e7d9c8f6d00ed02e3ce2825cdf3841482ac02f8a9d1b531e5f4f2a69b6
- SHA512
  
  72c9d3abb89a8e6de1ac6ec5b45e69d0f78cd42fcc2c7174f64ca426df073dd739f4d2efdaaf8f7ef2d3170194f0003eee16f42b8b4a0c436a16b51ed4fca643
- SSDEEP
  
  768:mzQYScGrIubHuYtvdxwYHw5FAe2QJncwxQ:gQTIubHy5wQJc
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2