General
-
Target
11f933cedc18581b6e3cbee57c98989a_JaffaCakes118
-
Size
182KB
-
Sample
240504-ksn69sbh64
-
MD5
11f933cedc18581b6e3cbee57c98989a
-
SHA1
915d1611aec25ac1c81da90158e8d4d67a6cb2de
-
SHA256
1aadecae9e168d092eb93dbad3f0473f5c2c11233263ed2ace1269ae81743868
-
SHA512
6eb7d198b4f57a544307b5318c91c5b18b86c521740a0197e53af4871a66e199eedcaec463c01dcd383c64f24ca908869150806b6fcaf860ec568566c0e26ed8
-
SSDEEP
3072:i+2y/GdyaktGDWLS0HZWD5w8K7Nk9AGD7IBUOgmGhhjJ9U:i+2k44tGiL3HJk9AGD7bOgm6hjJ2
Malware Config
Extracted
http://hanserefelektrik.com/wp-content/o0zEZ17669/
http://governessfilms.com/cgi-bin/gnbw2/
http://forming-a.com/mysql/0s53/
http://harbour-springs.webonlinepro.com/cgi-bin/pdviP01/
http://gomitra.com/aspnet_client/xkwsJj/
Targets
-
-
Target
11f933cedc18581b6e3cbee57c98989a_JaffaCakes118
-
Size
182KB
-
MD5
11f933cedc18581b6e3cbee57c98989a
-
SHA1
915d1611aec25ac1c81da90158e8d4d67a6cb2de
-
SHA256
1aadecae9e168d092eb93dbad3f0473f5c2c11233263ed2ace1269ae81743868
-
SHA512
6eb7d198b4f57a544307b5318c91c5b18b86c521740a0197e53af4871a66e199eedcaec463c01dcd383c64f24ca908869150806b6fcaf860ec568566c0e26ed8
-
SSDEEP
3072:i+2y/GdyaktGDWLS0HZWD5w8K7Nk9AGD7IBUOgmGhhjJ9U:i+2k44tGiL3HJk9AGD7bOgm6hjJ2
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Drops file in System32 directory
-