General

  • Target

    23667010dd50296692b34b198cfe5ba3_JaffaCakes118

  • Size

    13KB

  • Sample

    240329-qxplgsad59

  • MD5

    23667010dd50296692b34b198cfe5ba3

  • SHA1

    9d19525c2a44c8c69f9d2d0cd13d07076b073857

  • SHA256

    3715ef9df3ee965d97f6af8469d56bc203b8a1f219ae4422a1f33d23a1640251

  • SHA512

    099b6d4138eabbe9628ce0e8b80f9789f7b95ec71f1fc88e01aab0a50125bd2f46d16fdf9be10191d1c3eb886efe1cc49d53f0c5c7c46f4cfd3d841950bad47e

  • SSDEEP

    384:H2cQ6ZTp5r++wVj/e6O/3BkahDEj+oZgZn:WUpkVj/e6WtD0jZg9

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://dropmb.com/files/cdf12c0670fa3ed12ce20dd7608bfe62.vbs%60

Targets

    • Target

      23667010dd50296692b34b198cfe5ba3_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Deletes itself
