b9450ba415a649837ca3710f75ed78ed84510c7832189c0e68f5c7f1ca40b420 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16ad143aec7a4a90d1b61566a8650fcb_JaffaCakes118
Size

212KB
Sample

241005-h17mgasdjq
MD5

16ad143aec7a4a90d1b61566a8650fcb
SHA1

a5506c343992425266ca33118a79c8a5d170774b
SHA256

b9450ba415a649837ca3710f75ed78ed84510c7832189c0e68f5c7f1ca40b420
SHA512

38248d3deeabba58a54567e003a69ec89878fdce22fd69213aba549161f052fe30c4c333759b83b65fe4b658745105587e97c0a48cdb6972506fcf38d8c9dc4e
SSDEEP

3072:zVHgCc4xGvbwcU9KQ2BBAHmaPxDVoSb5E5:aCc4xGxWKQ2Bonx

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  16ad143aec7a4a90d1b61566a8650fcb_JaffaCakes118
- Size
  
  212KB
- MD5
  
  16ad143aec7a4a90d1b61566a8650fcb
- SHA1
  
  a5506c343992425266ca33118a79c8a5d170774b
- SHA256
  
  b9450ba415a649837ca3710f75ed78ed84510c7832189c0e68f5c7f1ca40b420
- SHA512
  
  38248d3deeabba58a54567e003a69ec89878fdce22fd69213aba549161f052fe30c4c333759b83b65fe4b658745105587e97c0a48cdb6972506fcf38d8c9dc4e
- SSDEEP
  
  3072:zVHgCc4xGvbwcU9KQ2BBAHmaPxDVoSb5E5:aCc4xGxWKQ2Bonx
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2