General

  • Target

    e779c919063807662ef4bdae8b8722d2_JaffaCakes118

  • Size

    248KB

  • Sample

    240408-psmqnahc62

  • MD5

    e779c919063807662ef4bdae8b8722d2

  • SHA1

    29a86776f8bc2bf52c57370968ef91fd130cb831

  • SHA256

    4aba97976344ea5fd0662c7e6cb49027461ee201208a17b244e624cebfd1aaaa

  • SHA512

    d3f318d724e50b16bebaeaa1f26a7b66252fe33a1e2bb2b67185537bd15a17be3d2e5c05d51f64ac917766d7bf7895e5c40f438806a8c879208afc0c340c30ff

  • SSDEEP

    3072:NOFYweLiaMyHMELYJqbzMpo5J4Ou/SBfSBJseo23o7pkmrTsKtRaXOiC+6/DnSmx:ILoiaEIBzu/SBfSBJs3frAKtF+6/GCm8

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://content.dropboxapi.com/2/files/download

Targets

    • Target

      e779c919063807662ef4bdae8b8722d2_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
