fede770cb9060e49a28a8459bb28f32bed095ab99d9b80eaf9e3c0ff7658dab2 | Triage

Sharing

General

Target

0df1ad10b10d11c6013d7d83b4278eb9_JaffaCakes118
Size

213KB
Sample

241003-e61jkavdmm
MD5

0df1ad10b10d11c6013d7d83b4278eb9
SHA1

af3dcfaf567e1de5124d06fded43fb8116e91822
SHA256

fede770cb9060e49a28a8459bb28f32bed095ab99d9b80eaf9e3c0ff7658dab2
SHA512

dcc8a0b99a2dc75140adafb8db4ac4b9726c70e5e7f15840d5f573976113b1cef9874a0889e65b7ad429226f5d07a8bd7003ea02fb5effe5d0ec57a7ac2f67ed
SSDEEP

3072:oChJgYMm4xf9cU9KQ2BxA59SPMqOo1n2X:4YMm4xiWKQ2BiCMR

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  0df1ad10b10d11c6013d7d83b4278eb9_JaffaCakes118
- Size
  
  213KB
- MD5
  
  0df1ad10b10d11c6013d7d83b4278eb9
- SHA1
  
  af3dcfaf567e1de5124d06fded43fb8116e91822
- SHA256
  
  fede770cb9060e49a28a8459bb28f32bed095ab99d9b80eaf9e3c0ff7658dab2
- SHA512
  
  dcc8a0b99a2dc75140adafb8db4ac4b9726c70e5e7f15840d5f573976113b1cef9874a0889e65b7ad429226f5d07a8bd7003ea02fb5effe5d0ec57a7ac2f67ed
- SSDEEP
  
  3072:oChJgYMm4xf9cU9KQ2BxA59SPMqOo1n2X:4YMm4xiWKQ2BiCMR
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2