a8ef3418dfc0847be02a2dc7ed3789ad99b472b80b22b14729e98453f2c6f59d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1193a4a3b2e9ec94f2c46aba6ba20d0e_JaffaCakes118
Size

236KB
Sample

241004-dljvmsvena
MD5

1193a4a3b2e9ec94f2c46aba6ba20d0e
SHA1

9690db2919b808825ce6a37654217c0690a22992
SHA256

a8ef3418dfc0847be02a2dc7ed3789ad99b472b80b22b14729e98453f2c6f59d
SHA512

d613d09cce1fce2b0e04577302440d6a186e00ecd0f553b7240196593c12203614004d10844cfcf451d29a0e3a39d5275dd47004d2a150377ef80245f06e898c
SSDEEP

3072:uVHgCc4xGvbwcU9KQ2BBAHmaPxiVoPb5E:vCc4xGxWKQ2Bonx

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  1193a4a3b2e9ec94f2c46aba6ba20d0e_JaffaCakes118
- Size
  
  236KB
- MD5
  
  1193a4a3b2e9ec94f2c46aba6ba20d0e
- SHA1
  
  9690db2919b808825ce6a37654217c0690a22992
- SHA256
  
  a8ef3418dfc0847be02a2dc7ed3789ad99b472b80b22b14729e98453f2c6f59d
- SHA512
  
  d613d09cce1fce2b0e04577302440d6a186e00ecd0f553b7240196593c12203614004d10844cfcf451d29a0e3a39d5275dd47004d2a150377ef80245f06e898c
- SSDEEP
  
  3072:uVHgCc4xGvbwcU9KQ2BBAHmaPxiVoPb5E:vCc4xGxWKQ2Bonx
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2