General
-
Target
0f4c83b10543a5ed146181cf21832f3b_JaffaCakes118
-
Size
160KB
-
Sample
240503-a84lsach67
-
MD5
0f4c83b10543a5ed146181cf21832f3b
-
SHA1
8968fda21cf6436985a38aaeec2fac6717e4d425
-
SHA256
03cc121fa7423385a2cb58565982f5d30c4b855db53f9a46511e051bdb9b31a3
-
SHA512
9115f55a35f66b24f26771bf36e75df5fe05af448b030a736817ff26b7fd3f99f0457719f63cf74b45f52a0f2b99502d2f0c2bef28972741350692ac005b343d
-
SSDEEP
1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9DLln2/5fe:9rfrzOH98ipgnL05fe
Behavioral task
behavioral1
Sample
0f4c83b10543a5ed146181cf21832f3b_JaffaCakes118.doc
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
0f4c83b10543a5ed146181cf21832f3b_JaffaCakes118.doc
Resource
win10v2004-20240419-en
Malware Config
Extracted
Targets
-
-
Target
0f4c83b10543a5ed146181cf21832f3b_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-