General

  • Target

    01dd1e9bed21eb3a034b7b7b14c6f65f_JaffaCakes118

  • Size

    210KB

  • Sample

    240426-21j1yseg5w

  • MD5

    01dd1e9bed21eb3a034b7b7b14c6f65f

  • SHA1

    addbd7c4da645b719d36cf5df5f8ac41f6ec71ad

  • SHA256

    f58761d6abe3ad15dbd476209b0096437914904488af5c5be9aeeafa6d598a6b

  • SHA512

    f3347bc19bc2678998a8b236ad9aef7bf97b2b7b08af37d7f1d0590e8d955e03d0b406470ca93b2d13fc7dccaaf7dc2a039c9e0b8f1ab3633f841a823c1ef3e5

  • SSDEEP

    3072:0P22TWTogk079THcpOu5UZ2N5kmcB/YNYmg8:E/TX07hHcJQ0e0FR

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper URLs

    https://waytoger.com/wp-admin/w/
    https://jaguarssus.xyz/wp-admin/GfU/
    https://learnkalmar.com/wp-includes/VSZ/
    http://tiendapablus.net/cgi-bin/SIr/
    https://prsaze.com/wp-admin/7a/
    https://www.campuscamarafp.com/wp-admin/N/
    https://infolockerz.com/wp-content/x/

Targets

    • Target

      01dd1e9bed21eb3a034b7b7b14c6f65f_JaffaCakes118

    • Size

      210KB

    • MD5

      01dd1e9bed21eb3a034b7b7b14c6f65f

    • SHA1

      addbd7c4da645b719d36cf5df5f8ac41f6ec71ad

    • SHA256

      f58761d6abe3ad15dbd476209b0096437914904488af5c5be9aeeafa6d598a6b

    • SHA512

      f3347bc19bc2678998a8b236ad9aef7bf97b2b7b08af37d7f1d0590e8d955e03d0b406470ca93b2d13fc7dccaaf7dc2a039c9e0b8f1ab3633f841a823c1ef3e5

    • SSDEEP

      3072:0P22TWTogk079THcpOu5UZ2N5kmcB/YNYmg8:E/TX07hHcJQ0e0FR

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
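    The three signatures above describe behaviour, not a rule. As an added example (not part of the sandbox report and not code from the sample), the Python below runs two checks over a constructed stream of process-creation and network-connection events shaped like Sysmon records: a document-handling parent spawning a script host, and any process contacting one of the seven exe.dropper hosts extracted above. The report does not name the parent process, so the Office binaries listed as parents, the event records, process paths and PIDs are all assumptions constructed for the demonstration; only the dropper URLs are taken from the page.

```python
"""Re-create the page's 'unexpected child process' and 'blocklisted process
makes network request' signatures as detection logic over sample events.
Added example: the events below are constructed, not sandbox output."""
from urllib.parse import urlparse

# exe.dropper URLs copied from the extracted ps1 config on this page.
DROPPER_URLS = [
    "https://waytoger.com/wp-admin/w/",
    "https://jaguarssus.xyz/wp-admin/GfU/",
    "https://learnkalmar.com/wp-includes/VSZ/",
    "http://tiendapablus.net/cgi-bin/SIr/",
    "https://prsaze.com/wp-admin/7a/",
    "https://www.campuscamarafp.com/wp-admin/N/",
    "https://infolockerz.com/wp-content/x/",
]
DROPPER_HOSTS = {urlparse(u).hostname.lower() for u in DROPPER_URLS}

# Assumption: the report does not name the parent; Office binaries are the
# usual macro-bearing parents that should never spawn a script host.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def defang(url):
    """IOC-safe rendering: hxxps://host[.]tld/path (path left untouched)."""
    p = urlparse(url)
    return f"{p.scheme.replace('http', 'hxxp')}://{p.hostname.replace('.', '[.]')}{p.path}"


def analyse(events):
    """Walk an ordered event stream; return (rule, pid, detail) alerts.

    A child flagged by the process rule is remembered so that any later
    network activity from that PID is reported even to an unknown host."""
    alerts, suspicious_pids = [], set()
    for ev in events:
        if ev["EventType"] == "ProcessCreate":
            parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
            if parent in DOCUMENT_PARENTS and child in SCRIPT_HOSTS:
                suspicious_pids.add(ev["ProcessId"])
                alerts.append(("unexpected_child", ev["ProcessId"], f"{parent} -> {child}"))
        elif ev["EventType"] == "NetworkConnect":
            host, pid = ev.get("DestinationHostname", "").lower(), ev["ProcessId"]
            if host in DROPPER_HOSTS:
                alerts.append(("dropper_host", pid, host))
            elif pid in suspicious_pids:
                alerts.append(("suspicious_process_network", pid, host))
    return alerts


# Constructed sample events (hypothetical paths, PIDs and hosts).
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"EventType": "ProcessCreate", "ProcessId": 5012,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventType": "NetworkConnect", "ProcessId": 4120, "DestinationHostname": "waytoger.com"},
    {"EventType": "NetworkConnect", "ProcessId": 4120, "DestinationHostname": "jaguarssus.xyz"},
    {"EventType": "NetworkConnect", "ProcessId": 4120, "DestinationHostname": "cdn.example.net"},
    {"EventType": "NetworkConnect", "ProcessId": 5012, "DestinationHostname": "example.org"},
    {"EventType": "NetworkConnect", "ProcessId": 6600, "DestinationHostname": "infolockerz.com"},
]

if __name__ == "__main__":
    for rule, pid, detail in analyse(SAMPLE_EVENTS):
        print(f"{rule:28} pid={pid:<6} {detail}")
    print("\nIOC list:")
    for u in DROPPER_URLS:
        print("  " + defang(u))
```

    The `dropper_host` rule fires on any process, including PID 6600, which the process rule never saw; that is the blocklist check the report's second signature describes. The `suspicious_process_network` rule catches the flagged PowerShell reaching a host not in the extracted config, which matters because a dropper's URL list rotates between builds.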

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic            Technique                       ID     Hits
  Defense Evasion   Modify Registry                 T1112  1
  Discovery         Query Registry                  T1012  2
  Discovery         System Information Discovery    T1082  2
