General
-
Target
02f70ee95f464b1b675b4a764f51f3df_JaffaCakes118
-
Size
161KB
-
Sample
240427-lqc7nage9t
-
MD5
02f70ee95f464b1b675b4a764f51f3df
-
SHA1
b6a9f287ad26c4ed1d7fec8e74a543ed0974f8e5
-
SHA256
a1d525f7af979ad63de9bc40a2ae623a7985074cf541dea3e2faf3622af0f375
-
SHA512
ccb0a56db3de2a9cf34fc571005598bc1d892843aaa3b22ba02d4596c4d4389099d0081d425215d703657e816af12af7fd0e4b9e1c88dc48d51b5f8ff7a68e21
-
SSDEEP
1536:Brdi1Ir77zOH98Wj2gpngR+a9CGPrPkNFLCAwZ:BrfrzOH98ipgeGPgN5BwZ
Malware Config
Extracted
http://hoagietesting10.com/wp-content/SJ/
http://degepro.com/eTrac/s9/
http://hbprivileged.com/info/rp/
https://shoyannutrition.com/wp-includes/B4e/
https://ictsmkn2cibar.org/cgi-bin/N/
https://povedavicedo.com/wp-admin/d/
http://mbsolutions.ge/wp-admin/eRY/
Targets
-
-
Target
02f70ee95f464b1b675b4a764f51f3df_JaffaCakes118
-
Size
161KB
-
MD5
02f70ee95f464b1b675b4a764f51f3df
-
SHA1
b6a9f287ad26c4ed1d7fec8e74a543ed0974f8e5
-
SHA256
a1d525f7af979ad63de9bc40a2ae623a7985074cf541dea3e2faf3622af0f375
-
SHA512
ccb0a56db3de2a9cf34fc571005598bc1d892843aaa3b22ba02d4596c4d4389099d0081d425215d703657e816af12af7fd0e4b9e1c88dc48d51b5f8ff7a68e21
-
SSDEEP
1536:Brdi1Ir77zOH98Wj2gpngR+a9CGPrPkNFLCAwZ:BrfrzOH98ipgeGPgN5BwZ
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-