General
-
Target
00225d2cd275941b4ceafcaddd9e1ba0_JaffaCakes118
-
Size
160KB
-
Sample
240425-1kjvksfd3y
-
MD5
00225d2cd275941b4ceafcaddd9e1ba0
-
SHA1
d57bce9d5f5a40677658768fc47f66a9eeae0c65
-
SHA256
e604baf73198099b301317a9e4e3bfe1b09b40d9f3d2adce7623f8d90fbddf7d
-
SHA512
2b37c5daec4ba39d4dbc49159e5c0ae09391767596dd2c9b26d88f3756ce5a84238560242d49786228f74bf5405441e364eeb360ee220cb7400af7fcc54bf48e
-
SSDEEP
1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9ILln2/57u:9rfrzOH98ipgUL057u
Malware Config
Extracted
http://wynn838.com/wp-content/enE/
https://sertres.com/ivmej/p/
https://viaje-achina.com/wp-admin/aG/
https://aszcasino.com/aszdemo/AGA/
https://bintangremaja.com/wp-content/U/
https://phongkhamthaiduongbienhoa.vn/wp-admin/Z/
http://hk.olivellaline.com/gbi1e/2/
Targets
-
-
Target
00225d2cd275941b4ceafcaddd9e1ba0_JaffaCakes118
-
Size
160KB
-
MD5
00225d2cd275941b4ceafcaddd9e1ba0
-
SHA1
d57bce9d5f5a40677658768fc47f66a9eeae0c65
-
SHA256
e604baf73198099b301317a9e4e3bfe1b09b40d9f3d2adce7623f8d90fbddf7d
-
SHA512
2b37c5daec4ba39d4dbc49159e5c0ae09391767596dd2c9b26d88f3756ce5a84238560242d49786228f74bf5405441e364eeb360ee220cb7400af7fcc54bf48e
-
SSDEEP
1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9ILln2/57u:9rfrzOH98ipgUL057u
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-