General
-
Target
52f707023cd493cbe2cbfe570eb7af84_JaffaCakes118
-
Size
40KB
-
Sample
241017-wk6l5axflc
-
MD5
52f707023cd493cbe2cbfe570eb7af84
-
SHA1
23f415ea467041b639e0cdffaf6858d0abdb5398
-
SHA256
e051c05a358090efbc4a5f410daa3369c31d3c7ff905fc5867898e8efe8c2ce1
-
SHA512
034067ebaa7be505cde7d3d300b8af0e2180e66a38d32564c4f767934092e82c9a35fd109aae9c68f544a81f756433fb75dd3d483bcf101d870edd24934e9968
-
SSDEEP
768:B6duMrwJfwuswtpGXuogA0Uu+mkRdryFeIoAgdlv6/7:8dmwuskp+d+FeIzAs
Static task
static1
Behavioral task
behavioral1
Sample
52f707023cd493cbe2cbfe570eb7af84_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
52f707023cd493cbe2cbfe570eb7af84_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: griptoloji
Password: 741852
Targets
-
Target
52f707023cd493cbe2cbfe570eb7af84_JaffaCakes118
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-