05f00d441ce0d850d14111ce67deb67c3c75cfa04fa50954373564bbb003ed36 | Triage

Sharing

General

Target

38722f871aba1f7ca605804bcafc21da_JaffaCakes118
Size

35KB
Sample

241012-e8ls7ayanj
MD5

38722f871aba1f7ca605804bcafc21da
SHA1

7f27bf3999bbcb7e06c58e5935d206f62a219721
SHA256

05f00d441ce0d850d14111ce67deb67c3c75cfa04fa50954373564bbb003ed36
SHA512

31fffe1280ce7a684ce2b50a238cffbc860cac6fbdc4812b54584b81cf67c6b566f62e3688c461767c26f1d1bed0abd3887a09f08cea675548e260ab46568523
SSDEEP

768:NqQoj/dSzNVQ1mDNJWbKEdBMQXQ3Cn4eQQYrcwxoZ:MQoj/YNJcAQY2

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.tripod.com
Port:
21
Username:
griptoloji
Password:
741852

Targets

- Target
  
  38722f871aba1f7ca605804bcafc21da_JaffaCakes118
- Size
  
  35KB
- MD5
  
  38722f871aba1f7ca605804bcafc21da
- SHA1
  
  7f27bf3999bbcb7e06c58e5935d206f62a219721
- SHA256
  
  05f00d441ce0d850d14111ce67deb67c3c75cfa04fa50954373564bbb003ed36
- SHA512
  
  31fffe1280ce7a684ce2b50a238cffbc860cac6fbdc4812b54584b81cf67c6b566f62e3688c461767c26f1d1bed0abd3887a09f08cea675548e260ab46568523
- SSDEEP
  
  768:NqQoj/dSzNVQ1mDNJWbKEdBMQXQ3Cn4eQQYrcwxoZ:MQoj/YNJcAQY2
Score

10^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2