General
-
Target
02e79e2c985cedae5a0de59ac2a6c4be_JaffaCakes118
-
Size
194KB
-
Sample
240427-k481tafc99
-
MD5
02e79e2c985cedae5a0de59ac2a6c4be
-
SHA1
aa541e6aef43a2ba9b682e40908bcf3a075aa22b
-
SHA256
606c981a35630090fe7df6ea2bd78be7c01eb20f5d266ba2432b209e9bf26eb8
-
SHA512
7c8909a735541b52af032b6ce4b31ff49a46f5f4cd8cb1c37d27d0f7005634664a7add15923f63e051f1fe5e018776583e96483b68fb291c7fc2aa730e2f8430
-
SSDEEP
1536:2rdi1Ir77zOH98Wj2gpngh+a95Iul8oPhEPmRl6VOo4B:2rfrzOH98ipgFIul8uWP+l6VOo4B
Malware Config
Extracted
https://vstbar.com/wp-admin/Hs/
http://binarywebtechsolutions.com/mobile-website-designing-company-in-gurgaon/CLZ/
http://shahqutubuddin.org/U/
http://cybersign-001-site5.gtempurl.com/2xwzq/bve/
https://star-speed.vip/wp-admin/Ttv/
https://treneg.com.br/rfvmbh/a/
https://cimsjr.com/hospital/x2f/
Targets
-
-
Target
02e79e2c985cedae5a0de59ac2a6c4be_JaffaCakes118
-
Size
194KB
-
MD5
02e79e2c985cedae5a0de59ac2a6c4be
-
SHA1
aa541e6aef43a2ba9b682e40908bcf3a075aa22b
-
SHA256
606c981a35630090fe7df6ea2bd78be7c01eb20f5d266ba2432b209e9bf26eb8
-
SHA512
7c8909a735541b52af032b6ce4b31ff49a46f5f4cd8cb1c37d27d0f7005634664a7add15923f63e051f1fe5e018776583e96483b68fb291c7fc2aa730e2f8430
-
SSDEEP
1536:2rdi1Ir77zOH98Wj2gpngh+a95Iul8oPhEPmRl6VOo4B:2rfrzOH98ipgFIul8uWP+l6VOo4B
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-