General
-
Target
0211a5e536935ff85bce3d1c0aef2182_JaffaCakes118
-
Size
176KB
-
Sample
240427-bjasvagf6s
-
MD5
0211a5e536935ff85bce3d1c0aef2182
-
SHA1
88b8671fcb3085736c34fa821fbb1ec1a84dc97e
-
SHA256
90436fd2b7dd3b53b0f9abda0a244fb004bf403720ecc01f7ffe41eb1866b36d
-
SHA512
6a967f1b7b3c1d99a528a859122fd7bbbb1f3591ac73a5a281f9a57739210df21e8cc719c9fb9dc58f694996111d5b0401990b6a95e175de068fa0fe48a45a2c
-
SSDEEP
1536:GkPkfrdi1Ir77zOH98Wj2gpng9+a9PGnut1ExbYCYWOFBfM0jKdQ2gX:grfrzOH98ipgGuiX10+dngX
Behavioral task
behavioral1
Sample
0211a5e536935ff85bce3d1c0aef2182_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0211a5e536935ff85bce3d1c0aef2182_JaffaCakes118.doc
Resource
win10v2004-20240419-en
Malware Config
Extracted
Targets
Target
0211a5e536935ff85bce3d1c0aef2182_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-