General

  • Target

    2664a2409be38d8ad646b59c79312cf0_JaffaCakes118

  • Size

    172KB

  • Sample

    240508-yazf6sbg21

  • MD5

    2664a2409be38d8ad646b59c79312cf0

  • SHA1

    c9b16851f16f58e798bc4008656a5b01cadcc327

  • SHA256

    8ea9374945017978b7791823de07454e34935f33fc707ec75cc1ca54f13ef18a

  • SHA512

    b9fa8fab668f8d969222b148401f58564ab3f1c378b6c98c3b6242a279a753b0e3ad968abee116425dc361db2a4162382cea48e019543d6e88a5e32250c0acf4

  • SSDEEP

    3072:Hs9ufstRUUKSns8T00JSHUgteMJ8qMD7g7ccZaBD:Hs9ufsfgIf0pLIcZKD

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://coffeecons.com/joomla30/LU7/
    http://www.noramua.com/wp-content/Eb/
    http://chakteholistico.com/wp-includes/7c/
    https://zeitraisen.com/wordpress/GoG/
    http://gosmart-online.com/wp-includes/9/
    https://www.campuscamarafp.com/wp-admin/uEx/
    http://eastafricarefugeerelief.com/aopaf/public/GiFSUetbCLK/C/

Targets

    • Target

      2664a2409be38d8ad646b59c79312cf0_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks