f0de00b49c40155991c3c2b3694da5e05b97261fd717b1503298adfd5a42e09e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c8f5997038fb3a203e187f1318c4b0d_JaffaCakes118
Size

209KB
Sample

241009-hctqpstakf
MD5

2c8f5997038fb3a203e187f1318c4b0d
SHA1

2c2affd13ec7b7c44e840b6e996f27c2a0d5bce5
SHA256

f0de00b49c40155991c3c2b3694da5e05b97261fd717b1503298adfd5a42e09e
SHA512

25f64efc0d0143c39ebf82a78a52a440cdc9e0ad23f07e4f7241779b22f61cd0fc1b71c4e826ec4731c6b86de8d53a2519e7d8b30930c7534c74164d38ae9446
SSDEEP

3072:XChJgYMm4xf9cU9KQ2BxA59SPMpOoIn2iw:rYMm4xiWKQ2BiCMt

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
onthelinux
Password:
741852abc

Targets

- Target
  
  2c8f5997038fb3a203e187f1318c4b0d_JaffaCakes118
- Size
  
  209KB
- MD5
  
  2c8f5997038fb3a203e187f1318c4b0d
- SHA1
  
  2c2affd13ec7b7c44e840b6e996f27c2a0d5bce5
- SHA256
  
  f0de00b49c40155991c3c2b3694da5e05b97261fd717b1503298adfd5a42e09e
- SHA512
  
  25f64efc0d0143c39ebf82a78a52a440cdc9e0ad23f07e4f7241779b22f61cd0fc1b71c4e826ec4731c6b86de8d53a2519e7d8b30930c7534c74164d38ae9446
- SSDEEP
  
  3072:XChJgYMm4xf9cU9KQ2BxA59SPMpOoIn2iw:rYMm4xiWKQ2BiCMt
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2