General
-
Target
012653803b956165ce9142668e38b223_JaffaCakes118
-
Size
228KB
-
Sample
240426-tjkl6afb83
-
MD5
012653803b956165ce9142668e38b223
-
SHA1
bf8f2637614b1b2eaaee8360405e9c2497ed88f2
-
SHA256
86b774067ba5911413c1125626056f32d4e076c0c15aa38e78c606573b3f730e
-
SHA512
c55dfd9283ba280898b7ce92cbfdf960c14870fead21a44e0556a8f004dbfc95d2c46e36af16150f2e9fbfc213ae61442de7536e91ea73f9a47659c0935ccdf7
-
SSDEEP
3072:y6W2fq9MLCvYg5usxh6cxkRgE012vAvOAhGf1dedeZJsuC1180MaRnh:A9MI5uGgcxigEWv74fT9iuC/IQn
Malware Config
Extracted
http://sratim.zesex.co.il/4Ex1Y/
http://sales.mhsb2u.com/V4duqV/
http://melb.org/1oz3i/
http://www.ghari.pk/zrMb/
https://petragregorova.com/jfhh/
Targets
-
-
Target
012653803b956165ce9142668e38b223_JaffaCakes118
-
Size
228KB
-
MD5
012653803b956165ce9142668e38b223
-
SHA1
bf8f2637614b1b2eaaee8360405e9c2497ed88f2
-
SHA256
86b774067ba5911413c1125626056f32d4e076c0c15aa38e78c606573b3f730e
-
SHA512
c55dfd9283ba280898b7ce92cbfdf960c14870fead21a44e0556a8f004dbfc95d2c46e36af16150f2e9fbfc213ae61442de7536e91ea73f9a47659c0935ccdf7
-
SSDEEP
3072:y6W2fq9MLCvYg5usxh6cxkRgE012vAvOAhGf1dedeZJsuC1180MaRnh:A9MI5uGgcxigEWv74fT9iuC/IQn
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-